Reputation: 411
I have this REST client in one server that will call the endpoints in another server. I understand that if I don't have the certificates imported, calls will fail due to an SSL handshake problem. I also understand that the certificates should be exported from my server and then imported in the client machine. So far so good.
The problem is, what certificates should I export from my server? Is there any kind of public certificate with a specific name? Should I create a self-signed certificate on the server side, export it and then import it on the client side?
What would be the required steps in order to generate the certificate (if this is the case) and export the certificate?
For real-world applications (in this case, one server talking to another), should this (or these) certificate(s) be self-signed, public?
As you can see, my questions are more about basic concepts.
Thank you
Upvotes: 1
Views: 1654
Reputation: 6580
Briefly,
To generate a certificate in your server, you can do something like
/opt/jdk1.7.0_40/bin/keytool -genkey -alias tomcat -keypass mypassword -keystore keystore.key -storepass mypassword -keyalg RSA
And then you'll probably need to add some steps to configure your web server. You haven't specified any, but if you were using Tomcat, you'd add something like this to server.xml
<Connector
    port="8443"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslProtocol="TLS"
    keystoreFile="/path.to.your.keystore/keystore.key"
    keystorePass="mypassword" />
To import the certificate on the client side, you can open the login page using Firefox, right-click on the page and open "View Page Info", then go to the "Security" tab, then click on "View Certificate", click on "Details" and then "Export".
The default is X.509 PEM, which is OK. Let's suppose that you've saved the file as "TomcatUser.pem.x509"; you have to store the certificate in a keystore in a format Java can understand, just like this
/opt/jdk1.7.0_40/bin/keytool -import -file TomcatUser.pem.x509 -keystore ~yourUser/MyLocalKeypass -storepass xyz
Finally, your client will need something like this
// Java does not expand "~" in file paths: give the absolute path of the truststore
// ("/home/yourUser" stands in for wherever ~yourUser resolves on your machine)
System.setProperty("javax.net.ssl.trustStore", "/home/yourUser/MyLocalKeypass");
System.setProperty("javax.net.ssl.trustStorePassword", "xyz");
Upvotes: 1
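The answer above spreads the server-side and client-side steps across keytool, Tomcat and a browser export. The script below, which is an added example and not code from the original answer, performs the same round trip end to end with keytool alone: generate the server key pair, export only the public certificate, import it into a dedicated client truststore, and confirm that what the client trusts has the same fingerprint as what the server exported. The alias names, the scratch directory under $TMPDIR, the subject name and the password "changeit" are constructed for the demo; the SAN of "localhost" is an assumption about the host name the client will use.

```shell
#!/bin/sh
# Added example (not from the original answer): server cert generation,
# public-certificate export, client truststore import and fingerprint check,
# all with keytool. Names, paths and the password are demo values only.
set -u

WORK="${TMPDIR:-/tmp}/tls-trust-demo.$$"   # scratch directory (constructed)
PASS="changeit"                              # demo password, never use in production
SERVER_KS="$WORK/server-keystore.jks"        # stays on the server: holds the PRIVATE key
SERVER_CERT="$WORK/server-cert.pem"          # public certificate, safe to hand to clients
CLIENT_TS="$WORK/client-truststore.jks"      # client side: trusted certificates only

have_keytool() { command -v keytool >/dev/null 2>&1; }

# Server side: self-signed RSA key pair. The SAN must match the host name the
# client connects to, otherwise hostname verification fails even though the
# certificate itself is trusted.
make_server_keystore() {
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost, OU=Demo, O=Example, C=US" -ext "SAN=dns:localhost" \
        -keystore "$SERVER_KS" -storepass "$PASS" -keypass "$PASS"
}

# Server side: export ONLY the certificate, in PEM. The keystore with the
# private key never leaves the server.
export_server_cert() {
    keytool -exportcert -rfc -alias tomcat -keystore "$SERVER_KS" \
        -storepass "$PASS" -file "$SERVER_CERT"
}

# Client side: import into a truststore dedicated to this client, not into the
# JDK's shared cacerts file.
import_into_truststore() {
    keytool -importcert -noprompt -alias tomcat-server -file "$SERVER_CERT" \
        -keystore "$CLIENT_TS" -storepass "$PASS"
}

# Fingerprint of a PEM certificate as keytool prints it (SHA256, or SHA1 on
# JDKs that do not print SHA256).
file_fingerprint() {
    keytool -printcert -file "$1" \
        | grep -E 'SHA256:|SHA1:' | tail -n 1 | sed 's/^[[:space:]]*//'
}

# Fingerprint of the entry the client actually trusts.
truststore_fingerprint() {
    keytool -list -v -alias tomcat-server -keystore "$CLIENT_TS" -storepass "$PASS" \
        | grep -E 'SHA256:|SHA1:' | tail -n 1 | sed 's/^[[:space:]]*//'
}

# Runs the whole round trip. Prints "ok" on success, "skipped" when no JDK
# (and therefore no keytool) is installed, and returns 1 on any failure.
run_demo() {
    if ! have_keytool; then echo "skipped"; return 0; fi
    rm -rf "$WORK" && mkdir -p "$WORK"
    make_server_keystore >/dev/null 2>&1 || return 1
    export_server_cert   >/dev/null 2>&1 || return 1
    # The export must contain a certificate and no private key material.
    grep -q 'BEGIN CERTIFICATE' "$SERVER_CERT" || return 1
    grep -q 'PRIVATE KEY' "$SERVER_CERT" && return 1
    import_into_truststore >/dev/null 2>&1 || return 1
    # What the client trusts must be exactly what the server exported. In a real
    # deployment, compare this fingerprint over a separate trusted channel
    # before importing, so a swapped certificate is caught.
    [ -n "$(file_fingerprint "$SERVER_CERT")" ] || return 1
    [ "$(file_fingerprint "$SERVER_CERT")" = "$(truststore_fingerprint)" ] || return 1
    echo "ok"
}

run_demo
```

Two points the script makes that the browser-export route hides: the client only ever receives the certificate (check the PEM file for "PRIVATE KEY" before handing it over), and the certificate you import should be checked against a fingerprint obtained directly from the server operator rather than trusted because a page happened to present it. The generated files stay under the scratch directory so you can inspect them with keytool -list -v.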