Naren Karanam

Reputation: 61

WebSphere Application Server - HTTPClient - SSL peer unauthenticated

I'm consuming a REST service on WAS using Apache HTTPClient. This is HTTPS (PKI), the target is trusted in the WAS trust store, and SSL certificate and key management > Manage endpoint security configurations > Outbound > http > SSLConfiguration points to the correct SSLConfiguration (using the trust store where the target cert is trusted). But when I invoke the target service using HTTPClient, I'm getting "peer not authenticated".

When I go through various forums, I see suggestions such as loading the SSLContext in code.

But shouldn't every outbound HTTP connection from my JVM (WAS server) be validated against my trust store (which is set in WAS SSL Certificate and Key Management)?

Am I missing something else? Please suggest.

Upvotes: 0

Views: 2803

Answers (2)

0riginal

Reputation: 137

I had this issue too.

I solved it with the default SSLSocketFactory. This allows your HttpClient to use the truststore from your WebSphere. This code is for HttpClient version 4.2; with the newer versions you could do this directly with the Builder class, I think.

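    // Register the JVM default SSLSocketFactory so HttpClient uses the SSL certificates from WebSphere
    javax.net.ssl.SSLSocketFactory wasSslFactory = (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
    // Keep hostname verification on: ALLOW_ALL_HOSTNAME_VERIFIER would accept a trusted certificate issued for any other host
    org.apache.http.conn.ssl.SSLSocketFactory socketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(wasSslFactory, org.apache.http.conn.ssl.SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
    org.apache.http.conn.scheme.Scheme scheme = new org.apache.http.conn.scheme.Scheme("https", 443, socketFactory);
    // Replace the https scheme on the existing client (httpClient is an HttpClient 4.2 instance created elsewhere)
    httpClient.getConnectionManager().getSchemeRegistry().register(scheme);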

Upvotes: 1
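For the newer HttpClient versions the answer above mentions, the same approach through the builder, shown as an added example that is not part of the original answer. It assumes HttpClient 4.4 or later on the classpath; the class name `WasTrustStoreClient` and the placeholder URL are hypothetical. It keeps hostname verification enabled and reports a trust failure separately from a hostname mismatch, which helps when diagnosing "peer not authenticated".

```java
import java.io.IOException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Hypothetical class name; added example, not code from the answer.
public class WasTrustStoreClient {

    // TLS sockets come from the JVM default SSLSocketFactory (the same
    // factory the 4.2 snippet obtains with SSLSocketFactory.getDefault()),
    // paired with HttpClient's default hostname verifier.
    static CloseableHttpClient build() {
        SSLConnectionSocketFactory tls =
                SSLConnectionSocketFactory.getSystemSocketFactory();
        return HttpClients.custom().setSSLSocketFactory(tls).build();
    }

    // Returns a short diagnosis instead of letting every TLS problem
    // collapse into one generic failure.
    static String probe(CloseableHttpClient client, String url) throws IOException {
        try (CloseableHttpResponse resp = client.execute(new HttpGet(url))) {
            return "OK, HTTP " + resp.getStatusLine().getStatusCode();
        } catch (SSLPeerUnverifiedException e) {
            // Typically: certificate chain accepted, but the name in the
            // certificate does not match the host in the URL.
            return "PEER/HOSTNAME CHECK FAILED: " + e.getMessage();
        } catch (SSLHandshakeException e) {
            // Typically: the trust store in use does not contain the
            // issuer of the server certificate.
            return "HANDSHAKE/TRUST FAILED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Placeholder URL; pass the real endpoint as the first argument.
        String url = args.length > 0 ? args[0] : "https://service.example.invalid/api";
        try (CloseableHttpClient client = build()) {
            System.out.println(probe(client, url));
        }
    }
}
```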

Haxiel

Reputation: 693

For authenticating SSL connections, WAS presents an SSL certificate which is a self-signed certificate by default. In such a case, you need to import the root certificate from WAS to the trust store that is being used by the HTTPClient program.

You can refer to this link from the IBM Knowledge Center for more information on SSL implemented by WebSphere.

To answer your second question, outbound connections are validated using the WAS trust store. In your case, you are using HTTPClient to trigger a service on WAS. This would be defined as an inbound connection from the WAS perspective.

Upvotes: 0
