Menu
I wonder if I am able to make a connection using curl like the following command,
curl --cacert some.pem https://someurl.com/resource
How do I convert this to httpclient code? I understands I need to convert the pem file and create a new keystore, etc. But all these openssl, keytool commands, keystore, truststore confuses me, I don't know which one to use and in which order.
534
You need to create a keystore (which you'll use as a trust store) from the PEM file. This can be done as follows.
keytool -import -file cacert.pem -alias myca -keystore truststore.jks
You then need to use this keystore as a truststore.
If you wish to do this for a specific connection only, you should follow this answer.
If you want to do this for all connections in your application (or at least those that don't change the default), you can use the javax.net.ssl.trustStore (and related) system properties (see the Customization section of the JSSE Reference Guide). The problem if you want to do this for your entire application is that default trusted CAs won't be included. An easy way around this is to make a copy of the cacerts file bundled with your JRE and use it as a starting point for truststore.jks.
Alternatively, you can import the certificate directly into the global cacerts file, but this will make that certificate trusted by default on all applications running on this JRE.
(You can also find more about the distinction between keystore and truststore in this answer.)
106
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
