Reputation: 1443
I am new to Spring Boot. So far I am enjoying it. I have developed a demo SSL rest web server that correctly handles mutual X.509 certificate authentication. Using an IE browser with self signed client & server certificates, I have tested that the demo rest web server is working correctly -- both the server and browser are successfully exchanging and validating each others certificates.
I am having trouble finding an SSL client example that shows how to include the client certificate and issue the https. Anybody have a simple rest client example that shows how to consume my ssl server?
Best Regards, Steve Mansfield
Upvotes: 18
Views: 112170
Reputation: 1953
I know its too late, but here is the code that works for me.
public class Application {
private static final Logger log = LoggerFactory.getLogger(Application.class);
public static void main(String args[]) {
public static void makeWebServiceCall() {
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext;
ResponseEntity<String> response = null;
try {
sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy)
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
RestTemplate restTemplate = new RestTemplate(requestFactory);
StringBuffer plainCreds = new StringBuffer();
byte[] plainCredsBytes = plainCreds.toString().getBytes();
byte[] base64CredsBytes = Base64.getEncoder().encode(plainCredsBytes);
String userBase64Credentials = new String(base64CredsBytes);
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", "Basic " + userBase64Credentials);
HttpEntity entity = new HttpEntity<>(headers);
String url = "https:restUrl";
response =, HttpMethod.GET, entity, String.class);
if(response.getStatusCodeValue() == 200) {"Success! Further processing based on the need");
} else {"****************Status code received: " + response.getStatusCodeValue() + ".************************");
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
log.error("Exception occured. Here are the exception details: ", e);
} catch(HttpClientErrorException e) {
if(e.getRawStatusCode() == 403) {"****************Status code received: " + e.getRawStatusCode() + ". You do not have access to the requested resource.************************");
} else if(e.getRawStatusCode() == 404) {"****************Status code received: " + e.getRawStatusCode() + ". Resource does not exist(or) the service is not up.************************");
} else if(e.getRawStatusCode() == 400) {"****************Status code received: " + e.getRawStatusCode() + ". Bad Request.************************");
} else {"****************Status code received: " + e.getRawStatusCode() + ".************************");
}"****************Response body: " + e.getResponseBodyAsString() + "************************");
Here is the maven filed
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns=""
<!-- -->
<!-- -->
Upvotes: 0
Reputation: 13736
Other way to do this. Inject the values for keyStoreLocation and keyStorePassword
public class SampleSSLClient extends RestTemplate{
/** The key store password. */
private String keyStorePassword;
/** The key store location. */
private String keyStoreLocation;
/** The rest template. */
private RestTemplate restTemplate;
/** The http components client http request factory. */
private HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory;
* Instantiates a new custom rest template.
public CustomRestTemplate() {
public CustomRestTemplate(RestTemplate restTemplate){
this.restTemplate = getRestTemplate();
* Rest template.
* @return the rest template
public RestTemplate getRestTemplate() {
if (null == httpComponentsClientHttpRequestFactory) {
httpComponentsClientHttpRequestFactory = loadCert();
return restTemplate;
* Load cert.
* @return the http components client http request factory
private HttpComponentsClientHttpRequestFactory loadCert() {
try {
char[] keypass = keyStorePassword.toCharArray();
SSLContext sslContext = SSLContextBuilder.create()
.loadKeyMaterial(getkeyStore(keyStoreLocation, keypass), keypass)
.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
HttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(client);
} catch (Exception ex) {
LOGGER.error(MessageFormat.format("Some Error", ex.getMessage()), ex);
return httpComponentsClientHttpRequestFactory;
* Key store.
* @param storePath the store path
* @param password the password
* @return the key store
private KeyStore getkeyStore(String storePath, char[] password) {
KeyStore keyStore;
try {
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
File key = ResourceUtils.getFile(storePath);
try (InputStream in = new FileInputStream(key)) {
keyStore.load(in, password);
}catch (Exception ex) {
LOGGER.error(MessageFormat.format("Some Error", ex.getMessage()), ex);
return keyStore;
* Sets the key store password.
* @param keyStorePassword the new key store password
public void setKeyStorePassword(String keyStorePassword) {
this.keyStorePassword = keyStorePassword;
* Sets the key store location.
* @param keyStoreLocation the new key store location
public void setKeyStoreLocation(String keyStoreLocation) {
this.keyStoreLocation = keyStoreLocation;
* Sets the rest template.
* @param restTemplate the new rest template
public void setRestTemplate(RestTemplate restTemplate) {
this.restTemplate = restTemplate;
Upvotes: 0
Reputation: 14479
The example of user1707141 didn´t work for me and skmansfield seems rather depending on specific files, that aren´t convention with Spring Boot / Maven. Also Andy Wilkinson´s answer uses the constructor SSLConnectionSocketFactory, which was deprecated in Apache httpclient 4.4+ and also seems quite complex.
So I created a example project that should show everything 100% comprehensible here:
Besides the normal usage of the RestTemplate with @Autowired
in your Testclass, be sure to configure your RestTemplate like this:
package de.jonashackt.restexamples;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.util.ResourceUtils;
import org.springframework.web.client.RestTemplate;
public class RestClientCertTestConfiguration {
private String allPassword = "allpassword";
public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
SSLContext sslContext = SSLContextBuilder
.loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"), allPassword.toCharArray(), allPassword.toCharArray())
.loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
HttpClient client = HttpClients.custom()
return builder
.requestFactory(() -> new HttpComponentsClientHttpRequestFactory(client))
Upvotes: 18
Reputation: 63
This worked for me :
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true; sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy).build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
RestTemplate restTemplate = new RestTemplate(requestFactory);
Upvotes: -3
Reputation: 1443
I could not get the above client submitted by Andy to work. I kept getting errors saying that "localhost != clientname". Anyways, I got this to work correctly.
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.methods.GetMethod;
public class SSLClient {
System.setProperty("", "password");
System.setProperty("", "c:/apachekeys/client1.jks");
System.setProperty("", "password");
public static void main(String[] args) throws HttpException, IOException {
HttpClient client = new HttpClient();
GetMethod method = new GetMethod();
method.setURI(new URI("https://localhost:8443/restserver", false));
Upvotes: 7
Reputation: 116231
Given that you're using Spring, here's an example that shows how to use Spring's RestTemplate
and Apache's HttpClient
configured with a client certificate and to trust a self-signed certificate from the server:
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(new File("keystore.jks")),
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.loadKeyMaterial(keyStore, "password".toCharArray()).build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
RestTemplate restTemplate = new RestTemplate(requestFactory);
ResponseEntity<String> response = restTemplate.getForEntity(
"https://localhost:8443", String.class);
Upvotes: 21