Where to host the keystore for a Tomcat web application using the Apache HTTP client

I am writing a procedure to access a remote server. This server that I connect to requires mutual authentication, so I have to provide a keystore, and while I am at it, I would also like to put a proper truststore in place.

I can find many guides for creating a keystore using keytool and several ways to get the Apache HTTP client to recognize it, but not where to store it in Tomcat so the application can find it. Somehow passing it to a WAR file seems like a bad idea to me.

Again, this prevents Tomcat from handling incoming https connections. I have a reverse proxy configured by our administrative team for this. I create outgoing https connections that require mutual authentication, that is, how to accept the self-signed certificate of the target server, and provide my own client server certificate.

Where are the actual Tomcat keystore and trust files stored for use by the web application?

+4
2 answers

, , , , httpclient, .

, , .

Apache httpclient https

, (ha!) httpclient . , httpclient API, " , " " , " ( ClassLoader - ), , , .

, Java - , . HTTP-, , , HttpsURLConnection, , , .

, . , , .. , , , .

+3

@Christopher Schultz, , , , .

, httpclient API, " , " " , " ( ClassLoader - ), ,

Apache HttpClient 4.3 SSL.

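import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Load the truststore from a classpath resource packaged with the application.
URL resource = getClass().getResource("/com/mycompany/mystuff/my.truststore");
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream inputStream = resource.openStream();
try {
    trustStore.load(inputStream, null /*usually not password protected*/);
} finally {
    inputStream.close();
}

// Build an SSLContext that trusts only the certificates in trustStore.
SSLContext sslContext = SSLContexts.custom()
        .loadTrustMaterial(trustStore)
        .build();
// Hand the context to the client so its outgoing HTTPS connections use it.
CloseableHttpClient client = HttpClients.custom()
        .setSslcontext(sslContext)
        .build();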
+1
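
The question asks for mutual authentication, while the snippet in the answer above loads trust material only. The following is an added example, not code from either answer: it builds an SSLContext with both a client key and a truststore using only the JDK's JSSE classes. The resource name client.p12, the system property client.keystore.password and the class name are assumptions, and both keystore resources are assumed to exist on the classpath.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class MutualTlsContext {

    // Load a keystore from a classpath resource; fail loudly if it is missing.
    static KeyStore load(String resource, String type, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = MutualTlsContext.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("Keystore resource not found: " + resource);
            }
            store.load(in, password); // a null password skips the integrity check
        }
        return store;
    }

    // Key managers present our client certificate; trust managers accept only
    // certificates that chain to an entry in trustStore (e.g. the self-signed one).
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical property name: the key password is supplied at JVM start,
        // not stored in the WAR or in source control.
        String pw = System.getProperty("client.keystore.password");
        if (pw == null) {
            throw new IllegalStateException("client.keystore.password is not set");
        }
        // client.p12 is a hypothetical resource name; my.truststore is the page's path.
        KeyStore keyStore = load("/com/mycompany/mystuff/client.p12", "PKCS12", pw.toCharArray());
        KeyStore trustStore = load("/com/mycompany/mystuff/my.truststore", KeyStore.getDefaultType(), null);
        SSLContext ctx = build(keyStore, pw.toCharArray(), trustStore);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

The resulting context can be passed to HttpClients.custom().setSslcontext(...) in the same way as the sslContext in the answer above.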
