HTTPS using Jersey Client

Construct your client as such

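import javax.net.ssl.*;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.config.*;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
// Jersey 1.x: keep the JVM's default hostname verifier, which rejects host name mismatches
HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
ClientConfig config = new DefaultClientConfig();
SSLContext ctx = SSLContext.getInstance("SSL");
// myTrustManager must be a TrustManager[] that you build from your truststore
ctx.init(null, myTrustManager, null);
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx));
Client client = Client.create(config);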

Ripped from this blog post with more details: http://blogs.oracle.com/enterprisetechtips/entry/consuming_restful_web_services_with

For information on setting up your certs, see this nicely answered SO question: Using HTTPS with REST in Java

How to consume https RestFul Webservice using jersey client

In your Java installation folder is a file called cacerts. This is the "Keystore" or "Truststore" of your JRE. It contains all certificates that are trusted by your JRE. You can add / remove certificates from the truststore.
To easily add / remove certificates, you can use the GUI program Keystore Explorer.

Option 1 Using Keystore Explorer and the default Truststore

  1. Open the truststore with the Keystore Explorer.

    (The truststore should be under <JRE-HOME>/lib/security/cacerts, The default password should be "changeit" or "changeme")

  2. Drag and drop the ".crt" file into the opened truststore in the Keystore Explorer

  3. Click "import" and save the truststore

Now your JRE installation is ready to consume the webservice.


Option 2 Using Keystore Explorer and a separate Truststore

  1. Copy your default truststore into your project. The path of the default truststore is: <JRE-HOME>/lib/security/cacerts

  2. Open the copied truststore with the Keystore Explorer.

    (The default password should be "changeit" or "changeme")

  3. Drag and drop the ".crt" file into the opened truststore in the Keystore Explorer

  4. Start your program with the following VM arguments:

    -Djavax.net.ssl.trustStore=[path-to-copied-truststore]

    -Djavax.net.ssl.trustStorePassword=[truststore password]


Option 3 Using 2 Truststores (Default + Separate Truststore)

If you want to use the default truststore and a separate one for the Website refer to this post https://stackoverflow.com/a/24561444/1638059

How do I use an SSL client certificate with jersey client in java

I found the solution. I just need to add the certificate to the Java KeyStore. This helped me.

How to make Jersey ignore ssl certificate error?

Please note that trusting all certificates is extremely risky. Be careful when doing it.

The following piece of code is not much different from the one shown in yukuan's answer. However, the following solution uses only the JAX-RS Client API. In theory, it should work with other JAX-RS implementations too:

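import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

// Trust manager that accepts every certificate chain without validation
TrustManager[] trustManager = new X509TrustManager[] { new X509TrustManager() {

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // The interface contract requires a non-null (possibly empty) array
        return new X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) {
        // No check: any client certificate is accepted
    }

    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType) {
        // No check: any server certificate is accepted
    }
}};

SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManager, null);

Client client = ClientBuilder.newBuilder().sslContext(sslContext).build();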

Note 1: At the time of writing, the standard solution described above won't work with RESTEasy. RESTEasy delegates HTTP calls to HttpClient from the Apache HttpComponents project. To trust all certificates with RESTEasy, the HttpClient must be customized. For more details, have a look at this answer.

Note 2: You may find https://badssl.com a useful resource to test clients against bad SSL configs.
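For comparison with the trust-all manager above, an added example (not part of the original answer) that builds a JAX-RS client trusting exactly one exported certificate, such as a service's self-signed ".crt" file, and nothing else. The class name `SingleCertClient` and the `crtPath` parameter are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

public final class SingleCertClient {   // hypothetical class name

    // Builds a client whose only trust anchor is the certificate stored at crtPath (PEM or DER)
    public static Client build(String crtPath) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(crtPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Empty in-memory truststore that receives only that certificate
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("service", cert);

        // Standard chain validation, but against the single-entry truststore
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // No custom HostnameVerifier is set, so the implementation's default host name check still applies
        return ClientBuilder.newBuilder().sslContext(ctx).build();
    }
}
```

A server presenting any other certificate fails the handshake, and validity dates are still checked.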

Jersey error to connect to service using https on Java 6

If I understand correctly, you get the SSLException in your client application which runs under Java 6. In this client you are trying to access a service hosted on Wildfly 9, which is using Java 7 or higher. This means the server is using a different security mechanism. I stumbled upon the same earlier and as you can see there is no conclusion to that post either.

And it makes sense if you think about it, why make it possible for the developer to create services which are using outdated and unsafe security mechanisms?

Eventually we decided to go with a JDK update. You could also attempt to host JBoss 4 under JDK7. For example here you could find some interesting writings on the topic.

Ignore self-signed ssl cert using Jersey Client

After some searching and trawling through some old Stack Overflow questions I've found a solution in a previously asked SO question:

  • Question: Java client certificates over HTTPS/SSL
  • Answer: Java client certificates over HTTPS/SSL

Here's the code that I ended up using.

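import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } // contract: never null
    public void checkClientTrusted(X509Certificate[] certs, String authType) {}
    public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}};

// Install the all-trusting trust manager as the JVM-wide default for HttpsURLConnection
try {
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
    // Surface the failure instead of silently continuing with the previous socket factory
    throw new IllegalStateException("Could not install SSLContext", e);
}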

