
Problem: I want to consume an HTTPS RESTful web service using the Jersey client.

1) I got the CA root certificate from the 3rd party and installed it in the browser (Mozilla), and I am able to access these services from RestClient in the Mozilla browser.

i) RootCA.pem ii) SubCA-Client.pem iii) abc_sdsdllkl_p12.pfx

2) I want to configure this web service in Java code using the Jersey client.

3) What are the steps I have to follow to configure these certificates in Java code?

4) I don't want to configure these in the local JRE.

    import java.io.File;
    import com.sun.jersey.api.client.Client;
    import com.sun.jersey.api.client.ClientResponse;
    import com.sun.jersey.api.client.WebResource;

    // Point the JVM-wide default truststore at the "cacerts" file found on the classpath
    PAttributes pd = new PAttributes();
    ClassLoader classLoader = pd.getClass().getClassLoader();
    File file = new File(classLoader.getResource("cacerts").getFile());
    System.setProperty("javax.net.ssl.trustStore", file.getAbsolutePath());
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

    // POST the XML request body and print the response
    Client client = Client.create();
    WebResource webResource = client.resource("https://xyz/abc/getAttributes");
    String input = new PAttributes().getRequestBody();
    ClientResponse clientResponse = webResource.accept("application/xml").type("application/xml").post(ClientResponse.class, input);
    String output = clientResponse.getEntity(String.class);
    System.out.println("output" + output);

I have downloaded the .crt files from the browser and need to configure them, but I don't know how.

user3676578

1 Answer


In your Java installation folder there is a file called cacerts. This is the "Keystore" or "Truststore" of your JRE. It contains all certificates that are trusted by your JRE. You can add / remove certificates from the truststore. To easily add / remove certificates, you can use the GUI program Keystore Explorer.

Option 1 Using Keystore Explorer and the default Truststore

  1. Open the truststore with the Keystore Explorer.
    (The truststore should be under <JRE-HOME>/lib/security/cacerts. The default password should be "changeit" or "changeme")

  2. Drag and drop the ".crt" file into the opened truststore in the Keystore Explorer

  3. Click "import" and save the truststore

Now your JRE installation is ready to consume the webservice.


Option 2 Using Keystore Explorer and a separate Truststore

  1. Copy your default truststore into your project. The path of the default truststore is: <JRE-HOME>/lib/security/cacerts

  2. Open the copied truststore with the Keystore Explorer.
    (The default password should be "changeit" or "changeme")

  3. Drag and drop the ".crt" file into the opened truststore in the Keystore Explorer

  4. Start your program with the following VM arguments:

    -Djavax.net.ssl.trustStore=[path-to-copied-truststore]
    -Djavax.net.ssl.trustStorePassword=[truststore password]


Option 3 Using 2 Truststores (Default + Separate Truststore)

If you want to use the default truststore and a separate one for the website, refer to this post: https://stackoverflow.com/a/24561444/1638059

Sebastian
  • I am not getting how to do this. I have two .crt files, 'RootCA.crt' and SubCA-Client.crt; where should I put these files, and how do I configure them in Java code? – user3676578 Mar 08 '17 at 11:59
  • Are you using Linux or Windows? – Sebastian Mar 08 '17 at 12:01
  • I am using Windows 10 OS. I am new to SSL certificates. – user3676578 Mar 08 '17 at 12:02
  • I edited the answer for a hopefully better understanding. – Sebastian Mar 08 '17 at 12:33
  • Getting below exception while trying second approach. com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151) at com.sun.jersey.api.client.Client.handle(Client.java:648) at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680) at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:568) – user3676578 Mar 08 '17 at 13:14
  • Does the exception say something like "Cannot find valid certification path"? – Sebastian Mar 08 '17 at 13:17
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/137558/discussion-between-user3676578-and-schlangguru). – user3676578 Mar 08 '17 at 13:20
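
An added example (not part of the original question, answer or comments, and not Jersey's own code) of keeping the trust configuration inside the application instead of the JRE: it loads the CA files into an in-memory truststore, so only those CAs are trusted for this client, and hands the resulting SSLContext to a Jersey 1.x client. Assumptions: the class name `PinnedJerseyClient` is hypothetical, the CA files are X.509 certificates in PEM or DER form, and the .pfx is a PKCS#12 bundle holding a client key and certificate protected by a single password.

```java
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HTTPSProperties;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;

public final class PinnedJerseyClient {

    /** Builds a Jersey 1.x client that trusts only the given CA files. */
    public static Client create(Path[] caFiles, Path pfx, char[] pfxPassword) throws Exception {
        // In-memory truststore: nothing is written to <JRE-HOME>/lib/security/cacerts.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        for (Path ca : caFiles) {
            try (InputStream in = Files.newInputStream(ca)) {
                // The file name is used as the alias, so each CA file needs a distinct name.
                trust.setCertificateEntry(ca.getFileName().toString(), x509.generateCertificate(in));
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Assumption: the .pfx is a PKCS#12 bundle with the client key and certificate.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(pfx)) {
            identity.load(in, pfxPassword);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pfxPassword);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // A null HostnameVerifier leaves the JDK's default hostname check in place.
        ClientConfig config = new DefaultClientConfig();
        config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
                new HTTPSProperties(null, ctx));
        return Client.create(config);
    }
}
```

Pass the paths of RootCA.pem, SubCA-Client.pem and the .pfx file, then call `client.resource(...)` on the returned client as in the question. Read the .pfx password from configuration or the environment rather than hard-coding it.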