I have a need to call different services with different SSL contexts. Do I need to use different WebClients for this, or is there a way I can use just one?
-
What do you mean by "different ssl contexts" and "different web clients"? Can you show us with a code example? In my experience, the concept of SSL does not usually come up when using a web client. That's all hidden from you. So I don't understand your question. – CryptoFool Nov 03 '20 at 15:24
-
From this I see that you can use an SslContext to create an HttpClient connector and then use that to create a WebClient. My use case needs me to connect to 2 different endpoints with different SSL contexts. – Clueless Coder Nov 03 '20 at 15:39
-
From "this"? What do you mean? Can you show some sample code of how you'd set up a httpclient using a particular sslcontext? – CryptoFool Nov 03 '20 at 15:43
-
Sorry. I thought I put the URL here. https://stackoverflow.com/questions/45418523/spring-5-webclient-using-ssl – Clueless Coder Nov 03 '20 at 15:45
-
What kind of sites are you accessing? Are they using self signed or non-standard certificates? That's what that question is about. That question is not applicable to the standard case, like going to `apple.com`, `google.com`, or probably `yourwork.com` or most other URLs on the web. – CryptoFool Nov 03 '20 at 15:51
-
I'll be using self-signed/non-standard certificates. – Clueless Coder Nov 03 '20 at 15:53
-
Oh. Ok. I wish you'd said that up front. I think you can use one client if you follow the instructions in that question you linked to. The reason is that there's nothing in that code that ties the client to a particular certificate, so therefore the client is not tied to a particular site. All that code is doing, I think, is turning off the checking of SSL certificates. – CryptoFool Nov 03 '20 at 15:59
1 Answer
Your question depends on how you want to or need to set up the client for each of the sites that you want to connect to. In talking with you in the comments, I now understand that:
- You want to connect to HTTPS protected sites that are using self-signed SSL certificates
- You don't want to authenticate those certificates, but rather just want to ignore all certificate checking by the client.

Since you just want to create a client that ignores the SSL certificates of the sites you're connecting to, then you can follow the instructions in the link you provided, this one, and you should be able to use just one client configured this way to connect to any number of sites.
Even if you wanted to check and trust the self-signed certificates from these sites you want to access, you could probably do it with a single client. All you'd need to do is register each cert with the client so that it would trust that cert. You can have a client trust multiple certs by putting them each into the same trust store that is being used by the client.
So the short answer here is No, you shouldn't need to create more than one client.

-
Thanks for the guidance. I do want to check and trust the certs. I'll try to do what you suggested. Sorry. Apparently my upvote doesn't count. – Clueless Coder Nov 03 '20 at 16:21
-
Cool. I think if you can get connection to one site working, then at that point it will be clear if you can just add additional certificates to your setup and therefore use that same client for the other sites. Best of luck! – CryptoFool Nov 03 '20 at 16:24
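
An added example (not part of the original answer or comments) of the single-client approach the answer describes: each self-signed certificate is loaded into one in-memory trust store that backs one WebClient. It assumes Spring WebFlux with Reactor Netty on the classpath; the class name, certificate file names and URL are hypothetical.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;

public final class MultiCertWebClient {
    /** Builds one WebClient that trusts exactly the certificates in the given PEM/DER files. */
    public static WebClient build(List<Path> certFiles) throws Exception {
        // Empty in-memory trust store: the JDK default CAs are not included,
        // so only the certificates added below are trusted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        int i = 0;
        for (Path file : certFiles) {
            try (InputStream in = Files.newInputStream(file)) {
                for (Certificate cert : x509.generateCertificates(in)) {
                    trustStore.setCertificateEntry("svc-" + i++, cert);
                }
            }
        }
        if (i == 0) throw new IllegalArgumentException("no certificates loaded");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // Nothing here disables chain or hostname checks, so each self-signed
        // certificate still has to match the host name it is served from.
        SslContext sslContext = SslContextBuilder.forClient().trustManager(tmf).build();
        HttpClient httpClient = HttpClient.create().secure(spec -> spec.sslContext(sslContext));
        return WebClient.builder()
                .clientConnector(new ReactorClientHttpConnector(httpClient))
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file names and URL, for illustration only.
        WebClient client = build(List.of(Path.of("service-a.pem"), Path.of("service-b.pem")));
        System.out.println(client.get().uri("https://service-a.internal.example/health")
                .retrieve().bodyToMono(String.class).block());
    }
}
```

Because the trust store starts empty, this client rejects any server whose certificate was not passed to `build`, including publicly trusted sites.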