We are using a Jetty server along with Spring security framework. The server should accept requests from only from a known client (Which is also a server). We want to configure client certificates so that Jetty accepts only the requests with the known client certificate.
How can we configure the server?
All we need to do is set NeedClientAuth in jetty-ssl-config.xml to true. No change is needed in Spring config.
Related
I have an Spring Boot application using ActiveMQ which has enabled SSL. Its cert is self-signed and hostname does not match.
Since this is a local test I do not want it to verify SSL cert.
I know for REST client, we can use a messy combination of SSLContext, X509TrustManager, etc.
But for ActiveMQ almost everything is managed by Spring Boot. I only provide ActiveMQ url and credential.
Is there somewhere to inject ActiveMQ session?
To disable all verification you can set trustAll=true on your ActiveMQ connection URL, e.g.:
ssl://hostname:61616?trustAll=true
I have two different spring boot application with SSL enabled in it and also there is an eureka discovery server and these two applications are linked to eureka server.I need to make some https call between these two SSL enabled applications. So I decided to go ahead with feign client .Eureka is able to resolve https url properly for feign client. But while making the call I'm getting "unable to find valid certification path to requested target". I can understand this error is because public key of my client application is not present in truststore of the application from which I'm making feign call. I have already added the public key in my custom truststore, But it is of no use.Property file for the same is below
server.ssl.enabled=true
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password= Pass#123
server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias= springboot
server.ssl.trust-store=classpath:springboot.jks
server.ssl.trust-store-password=Pass#123
eureka.instance.nonSecurePortEnabled=false
eureka.instance.securePortEnabled=true
After digging more into the issue I found that "server.ssl.trust-store" property will set truststore in the embeded tomcat server of spring boot application, But some have my https call is taking default JDK truststore. When I added system properties in my application then everything is working fine. But with spring boot properties file configuration it is not working .
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
I feel setting system properties is an workaround and I'm looking for a better solution .
I even tried enabling ribbon client and added "ribbon.IsSecure=true" property also. But still getting the same issue.
Can someone please provide a suggestion for the same.
Thank you
Can anybody provide me with a code sample to access rest service url secured with https using spring rest template.
I have the certificate(.pfx format) password and send cient side certificate to server. server side is used on the client side certificate and established the connection
I want to create a springboot application that work as 2 way SSL between client and server.
Thanks.
I created a sample Spring Boot application that demonstrates how to create a RestTemplate that is configured for SSL client authentication. The sample application acts as the server as well which requires SSL mutual authentication (to demonstrate usage via the test case). In practice, the RestTemplate bean would interact with an external service. Hope this helps.
https://github.com/steve-oakey/spring-boot-sample-clientauth
I should note that the most important part of the example is creating the SSLContext. There are plenty of ways to create the SSLContext, I chose a method that uses the SSLContextBuilder from the org.apache.httpcomponents:httpclient library. Other methods such as using the Java API directly, or setting the javax.net.ssl.* JVM properties would also work.
I am creating a Spring Boot integration with Tomcat for Soap WebService application
We are calling other Soap WebServices inside it, which are running in https protocol.
Could you please help me how to config SSL for external servers?
First of all, if these external servers have their own legal trusted certificates, you don't need to do anything.
But if not and you trust these external servers, you can skip certificates verification for those servers as How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?.
Or just skip specific host as SSLHandshakeException: No subject alternative names present.
Wish it could help.
I'm using Spring Integration - HTTP Adaptor.
Now, I want to make it HTTPS. Please let me know how to implement it.
If you mean on the client (outbound) side, simply use an https://... url.
If you mean on the server (inbound) side, then configure your servlet container to use SSL.