Reputation: 1193
I'm using the Spring RestTemplate on the client side to make calls to a REST endpoint. The client in this case is a Spring app and Tomcat is the servlet container.
I'm running into issues making a connection to an HTTPS endpoint. I am receiving an error which indicates it cannot find a valid path to the truststore. Where can I specify this? Is this done at the container level or the application config (Spring) level?
Stack trace:
org.springframework.web.client.ResourceAccessException: I/O error: PKIX path building failed:
unable to find valid certification path to requested target;
nested exception is
PKIX path building failed:
unable to find valid certification path to requested target
Upvotes: 17
Views: 43517
Reputation: 978
More specifically, calling this method will do the trick, so that any subsequent HttpClient calls will not care about SSL certificate validity:
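// Requires imports from javax.net.ssl.* and java.security.cert.*
public static void trustSelfSignedSSL() {
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // This trust manager performs no checks: every certificate chain is accepted.
        X509TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        // Install as the JVM-wide default so clients that use the default context pick it up.
        SSLContext.setDefault(ctx);
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}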
Upvotes: 40
Reputation: 30449
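You need to properly configure the SSLContext, which is done externally to the RestTemplate. This should get you started:
// Requires java.io.InputStream, java.security.* and javax.net.ssl.*
// Keystore with the client's own key and certificate (used for client authentication)
String keystoreType = "JKS";
InputStream keystoreLocation = null; // placeholder: stream to the keystore file (null loads an empty store)
char[] keystorePassword = null;      // placeholder
char[] keyPassword = null;           // placeholder
KeyStore keystore = KeyStore.getInstance(keystoreType);
keystore.load(keystoreLocation, keystorePassword);
KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmfactory.init(keystore, keyPassword);
// Truststore with the certificates (or CAs) the client should trust
InputStream truststoreLocation = null; // placeholder: stream to the truststore file (null loads an empty store)
char[] truststorePassword = null;      // placeholder
String truststoreType = "JKS";
KeyStore truststore = KeyStore.getInstance(truststoreType);
truststore.load(truststoreLocation, truststorePassword);
TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// The factory must be initialised with the truststore before getTrustManagers() is called
tmfactory.init(truststore);
KeyManager[] keymanagers = kmfactory.getKeyManagers();
TrustManager[] trustmanagers = tmfactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keymanagers, trustmanagers, new SecureRandom());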
Upvotes: 12