how to write java client and server applications that uses mutual ssl authentication between them?
I\'m building two java applications which have to communicate using SSL two way authentication, I used instructions from here to create client and server certificates.
then
-
after spending a long time to make this work, the solution is as follows:
first when setting the properties usingSystem.put("key", "value")I noticed after many tries it is not setting theKeyStorevalue it is does not appear in the ssl log , also tried to set the properties as parameters in the tomcat configuration using-Djavax.net.ssl.keyStore=""this also didn't work.
so I read theKeyStorefrom anInputStreamlike this:KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream io = new FileInputStream("path/to/jks/file.jks"); try{ keystore.load(io, "pass".toCharArray()); } finally { io.close(); }and use the same previous code to read the
TrustStorelike :KeyStore trustStore= KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream stream = new FileInputStream("path/to/truststore/file.jks"); try{ keystore.load(stream, "trusted".toCharArray()); } finally { stream.close(); }after that define the
SSLContext:SSLContext sslcontext = SSLContexts.custom() .loadKeyMaterial(keystore, "keyPassword".toCharArray()) .loadTrustMaterial(truststore, new TrustSelfSignedStrategy()) .build();loadKeyMaterialused to load thekeyStoreit takes the password of your privateKey"keyPassword"as a parameter, so you must protect the private key using a password, when I tried to use a plain private key not encrypted "protected" with a password, I get exception which says:java.security.UnrecoverableKeyException: Cannot recover key, by default this is the same as the keystore password unless you changed it.
then create theSSLConnectionSocketFactoryand pass it as a parameter to theHttpClient.. this worked for me :)
加载中...
- 热议问题