Hello,
I was wondering if anyone had some ideas or experience on the following
matter.
So I am trying to run my Restlet-based app in our QA environment. In that
environment I am using a self-signed certificate for Tomcat's HTTPS on the
server side.
My client code is also using Restlet, and I am unable to communicate with
the HTTPS Restlet server.
After doing a bit of research and poking around, I am under the suspicion
that HttpClient is rejecting my self-signed certificate. There isn't any
activity in the logs on the Restlet server when I try to make an HTTPS call
using the Restlet client. HTTP calls work fine. Also, I am able to
successfully make HTTPS calls against the Restlet server when using the
'curl' program on the command line, albeit with specifying the --insecure
option so it ignores the certificate.
At this point I have determined I have two options:
1. Persuade Restlet Client to have HttpClient use the
org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory for
handling HTTPS requests
2. Just use HttpClient directly and have it use the
org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory.
One thought of mine I am still trying to test is to just do something along the
lines of:

    org.apache.commons.httpclient.protocol.Protocol easyhttps =
        new org.apache.commons.httpclient.protocol.Protocol(
            "https",
            new org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory(),
            443);
    org.apache.commons.httpclient.protocol.Protocol
        .registerProtocol("https", easyhttps);

right before calling:

    restClient = new Client(Protocol.HTTPS);

Which I just tried and does not appear to work. For now I am going to
abandon the Restlet client and go try and get an HttpClient call working
first.
Would it be worthwhile to add a 'HTTPS_EASY' to the Restlet Protocol class
that would use the EasySSLProtocolSocketFactory? Is there another way to
get the Restlet client to communicate with HTTPS servers using self-signed
certificates?
This would be a nice feature to have for doing testing. Or when the program
doesn't really care about the origins of a certificate of the other party,
just that it uses a secure channel to communicate.
-Eben