
I'm stuck on the problem of how to authorize a Java client application that consumes a REST API and needs to authorize with a certificate issued by an internal CA. So I have the CA certificate, then the client certificate and client private key generated by OpenSSL. I'm looking for a guide/example of how to tell OkHttpClient to sign requests with the client certificate to bypass Apache SSL authorization. All of this is done on an internal network. Can you guys help me?! I've tried so many ways that I'm lost. I need a good example. The stack is Retrofit with OkHttpClient.

Here is an example via cURL of what I need to implement in Java in a smart way: https://downey.io/notes/dev/curl-using-mutual-tls/

** SOLUTION BELOW **

how to add SSL certificates to okHttp mutual TLS connection?

In my case the mistake was in the private key format. I got pkcs1 and it must be pkcs8.

Bednic
  • Do you want to bypass (ignore) or sign the request? If signing, this documentation is pretty much what you need to do - https://square.github.io/okhttp/https/ – aksappy Jul 13 '21 at 14:41
  • I tried this and it's still telling me Apache didn't receive the certificate. So somehow I'm not sending the client certificate. – Bednic Jul 13 '21 at 14:53
  • What is telling you that apache did not receive the cert? Are there debug logs from your application that we can see? – aksappy Jul 13 '21 at 16:10
  • Good news, problem solved. [here](https://stackoverflow.com/questions/60224181/how-to-add-ssl-certificates-to-okhttp-mutual-tls-connection) is the right solution for mTLS communication. My problem was that I had the private key in a bad format on the first try, so Java won't cooperate. When I transform the key to the right format, all works like a charm. – Bednic Jul 14 '21 at 10:51
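
An added example, not code from the question or from the linked answer: a client factory for the setup described above (internal CA certificate, client certificate, and client key as PEM files) that rejects a PKCS#1 key up front instead of silently sending no client certificate. It assumes Java 11+, the `com.squareup.okhttp3:okhttp-tls` artifact on the classpath, and a single (non-chained) client certificate; the class name `MtlsClientFactory` and the file paths are hypothetical.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.X509Certificate;
import okhttp3.OkHttpClient;
import okhttp3.tls.Certificates;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;

// Hypothetical helper class, added for illustration.
public final class MtlsClientFactory {

    /** Builds an OkHttpClient that trusts only the internal CA and presents the client certificate. */
    public static OkHttpClient build(Path caPem, Path clientCertPem, Path clientKeyPem) throws Exception {
        String keyPem = Files.readString(clientKeyPem);
        requireUnencryptedPkcs8(keyPem);

        X509Certificate ca = Certificates.decodeCertificatePem(Files.readString(caPem));
        // HeldCertificate.decode expects one certificate and one PKCS#8 key in a single PEM string.
        HeldCertificate client = HeldCertificate.decode(Files.readString(clientCertPem) + "\n" + keyPem);

        HandshakeCertificates certs = new HandshakeCertificates.Builder()
                .addTrustedCertificate(ca)   // server must chain to the internal CA
                .heldCertificate(client)     // certificate + key offered during the TLS handshake
                .build();

        return new OkHttpClient.Builder()
                .sslSocketFactory(certs.sslSocketFactory(), certs.trustManager())
                .build();
    }

    /** Fails fast on the key-format mistake described in the question. */
    static void requireUnencryptedPkcs8(String pem) {
        if (pem.contains("-----BEGIN RSA PRIVATE KEY-----")) {
            throw new IllegalArgumentException(
                "Key is PKCS#1; convert it with: "
                + "openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pk8.pem");
        }
        if (pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
            throw new IllegalArgumentException("Key is password-protected PKCS#8; decrypt it first");
        }
        if (!pem.contains("-----BEGIN PRIVATE KEY-----")) {
            throw new IllegalArgumentException("No PKCS#8 private key block found");
        }
    }
}
```

Pass the returned client to `Retrofit.Builder.client(...)` so every Retrofit call uses the mutual TLS configuration.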
