I'm looking for a way to implement the following mTLS authenticated request in Java:
PFX=x509.pfx
curl --location --request POST 'https://example.com/' \
--cert-type p12 \
--cert "$PFX:mySecretPassword"
I'm using a x509 pfx file encrypted with a password.
For server side, choose framework like Spring.
Check Spring Security docs for more.
Here is intro https://www.baeldung.com/x-509-authentication-in-spring-security
To implement client only try okHttp,
that is usually troublesome to use custom certificate in client, e.g. Use a certificate in an okhttp request with android
So state what exactly you want, and raise better question.
As an advise, try to use standard/default configuration as much as possible.
https://www.baeldung.com/spring-boot-https-self-signed-certificate
Related
I stuck with problem how to authorize java client application that consume rest api and need to autorize by ceritication issued by internal CA. So I have CA certificate, then Client certificate and client private key generate by OpenSSL. I'm looking for guide/ example how to tell OkHttpClient to sign request with Client certificate to bypass Apache SSL autorization. All is done on internal network. Can you guys help me?! I tried so much ways that I'm lost. I need good example. The stack is Retrofit with OkHTTPClient.
here is example via cURL what I need to implement in java in smart way
https://downey.io/notes/dev/curl-using-mutual-tls/
** SOLUTION BELOW **
how to add SSL certificates to okHttp mutual TLS connection?
In my case was mistake in private key format. I got pkcs1 and it must by pkcs8.
There is not much on SO about what to do when you are seeing <ErrorMessage>Dynamic backend host not specified</ErrorMessage> except for this question.
Hoping this will become a resource for other developers who face this issue, as well as answer my specific case.
I am trying to test that SOAP requests sent from my client (built from WSDL) can hit a server (generated from the same WSDL), the source code for which I have no access to or responsibility for.
Currently I am just curl-ing against the server's endpoint with my (client) certificates and some XML to POST:
curl -X POST https://www.endpoint.com/service.svc:443 --cert certificates.p12:password --cert-type pkcs12 -d ‘<example>Place Holder XML </example>’
(Can't include the actual curl request due to its confidential nature)
The server is responding with:
<?xml version="1.0" encoding="UTF-8"?>
<ErrorMessage>Dynamic backend host not specified</ErrorMessage>
The other SO answer linked above suggests that this may be a result of not including the correct headers in my request. If this is the problem in my case, does anyone know why the lack of headers is the cause of trouble here? Are there other possible causes of this error that are the responsibility of the client? Could this be an error on the server?
I have an URL that requires me digest auth using username and password.
curl -k --digest -u user:password https://api.uni5.net/cliente
But have no idea how to use Digest in get Request for Java application.
I'm searching for a simple way, cuz actually we dont use Java in our development, but now we need to use it inside the server.
Thanks for help!
i am not familiar with cryptography,there is requirement in my project that i have to send json data in encrypted form that is using s/mime or x509 certificate.i am using resteasy
Please help me
thank you
You basically have to use SSL - HTTPS. It shouldn't matter for your Java App what transmission is used but your JBoss admins must set up connectors/listeners - usually 8443 and install SSLs.
I'm interested if Google App Engine provides a way to use a X.509 Certificate to create a HTTPS connection (the server where I have to connect provides the public certificate - to encrypt data that I send and the private key to decrypt the data received from that server).
According to this post https://groups.google.com/forum/?fromgroups#!topic/google-appengine-python/C9RSDGeIraE it's not possible but 3 years passed since this answer was posted.
SSL client certificates are not currently supported. The feature request is here.
AppEngine has the ability to work with SSL certificate on your custom domain, that means the you can assign a certificate to a domain that is running on the AppEngine.
You cannot AFAIK make a request and provide a custom certificate per request.
Documentation on AppEngine SSL.