Trusting a pem certificate about sslcontext-kickstart HOT 4 CLOSED

Thanks for your quick response!
I don't know why it doesn't work on my machine but at least I'm using the library correctly :D

I just tried the example on my home computer and it works fine, so I guess there's something wrong on my work computer. I'll try to find out what, thanks again for your help!

from sslcontext-kickstart.

Great to hear @Athou!

You also mentioned the following:

I however am not sure how to use it, all examples load both a trust material and an identity material, and I only have a public certificate in the pem format. I thought I'd be able to just call

Adding the identity material is only needed when the server is requesting the client to identify itself, also named mutual authentication or two-way-ssl. In that case you can load the private key and the certificate chain into a keymanager and supply it to the sslfactory and hand it over to your http client. Your setup is required one-way-ssl and the SSLFactory configuration for that use case is good and well configured!

Feel free to ask anything or if you get stuck!
Good luck by the way!

Thanks for the clarification!

Regarding the exception, I have Oracle JDK 1.8.0_192 on my work machine. I downloaded the latest OpenJDK version (8u282) and it works fine with that version. It may be a JDK bug then.

from sslcontext-kickstart.

Hi Jérémie

Really nice to hear that this library is exactly what you are looking for! And thank you for sharing an example project, this makes it really easy to debug and help you.

I have cloned your project and tried it locally. The setup looks good to me. I am not getting the same exception as you, for me it is working and I am getting a 200 response. I am using Mac, so I thought it might behave differently for windows. I added a build script to run your project on a linux and windows environment and everything is still working, see here for the build report: https://github.com/Hakky54/ssl-test/runs/1808227852

I didn't changed your code, it is exactly the same as I forked it. I am using oracle jdk 1.8.241 with maven 3.6.3 and I also tried maven 3.5.0 and that also worked. What you can try is maybe not setting the ssl material at the root level but at the specific connection level. So try changing the following snippet:

from:

HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory.getSslSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(sslFactory.getHostnameVerifier());

to:

HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
httpsConnection.setSSLSocketFactory(sslFactory.getSslSocketFactory());
httpsConnection.setHostnameVerifier(sslFactory.getHostnameVerifier());

To be able to set it at connection level you first need to cast your connection to HttpsURLConnection instead of HttpURLConnection

from sslcontext-kickstart.

Great to hear @Athou!

You also mentioned the following:

I however am not sure how to use it, all examples load both a trust material and an identity material, and I only have a public certificate in the pem format. I thought I'd be able to just call

Adding the identity material is only needed when the server is requesting the client to identify itself, also named mutual authentication or two-way-ssl. In that case you can load the private key and the certificate chain into a keymanager and supply it to the sslfactory and hand it over to your http client. Your setup is required one-way-ssl and the SSLFactory configuration for that use case is good and well configured!

Feel free to ask anything or if you get stuck!
Good luck by the way!

from sslcontext-kickstart.