Curl cacert to Java HttpClient equivalent

I wonder if I am able to make a connection using curl like the following command,

curl --cacert some.pem https://someurl.com/resource

How do I convert this to httpclient code? I understand I need to convert the pem file and create a new keystore, etc. But all these openssl, keytool commands, keystore, truststore confuse me; I don't know which one to use and in which order.

asked Nov 03 '22 17:11

Thomas Kao


1 Answer

You need to create a keystore (which you'll use as a trust store) from the PEM file. This can be done as follows.

keytool -import -file cacert.pem -alias myca -keystore truststore.jks

You then need to use this keystore as a truststore.

If you wish to do this for a specific connection only, you should follow this answer.

If you want to do this for all connections in your application (or at least those that don't change the default), you can use the javax.net.ssl.trustStore (and related) system properties (see the Customization section of the JSSE Reference Guide). The problem if you want to do this for your entire application is that default trusted CAs won't be included. An easy way around this is to make a copy of the cacerts file bundled with your JRE and use it as a starting point for truststore.jks.

Alternatively, you can import the certificate directly into the global cacerts file, but this will make that certificate trusted by default on all applications running on this JRE.

(You can also find more about the distinction between keystore and truststore in this answer.)

answered Nov 15 '22 01:11

Bruno
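
The per-connection option from the answer above, as an added example that is not part of the original question or answer: it loads the truststore.jks produced by the keytool command and gives it to a single client through an SSLContext, leaving the JVM-wide defaults alone. It assumes the JDK's java.net.http.HttpClient (Java 11+) and a placeholder store password; the class and method names are illustrative.

```java
import java.io.File;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class CustomCaClient {

    // Builds an SSLContext that trusts only the CA certificates in the given store.
    static SSLContext contextFor(File trustStoreFile, char[] password) throws Exception {
        // Detects the store format (JKS or PKCS12) from the file itself;
        // keytool on JDK 9+ writes PKCS12 by default, even to a file named .jks.
        KeyStore trustStore = KeyStore.getInstance(trustStoreFile, password);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers (no client certificate) and the default SecureRandom.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password entered at the keytool prompt (placeholder value).
        char[] password = "changeit".toCharArray();
        SSLContext ctx = contextFor(new File("truststore.jks"), password);

        // Only this client uses the custom trust store. Certificate chain and
        // hostname checks stay enabled, as with curl --cacert.
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();

        HttpRequest request = HttpRequest.newBuilder(URI.create("https://someurl.com/resource"))
                .GET()
                .build();
        HttpResponse<String> response =
                client.send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.statusCode());
    }
}
```

A server certificate that does not chain to a CA in truststore.jks makes `client.send` fail with an `SSLHandshakeException`, which is the failure to look for when the wrong PEM was imported.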