Hi, Raul, I use this technique:
http://www.juliusdavies.ca/commons-ssl/TrustExample.java.html

But I usually change the name of the scheme to something like "https-foo://", so that only "https-foo://" uses the client cert, and "https://" continues to behave as before. So maybe more like this:

    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.methods.GetMethod;
    import org.apache.commons.httpclient.protocol.Protocol;
    import org.apache.commons.ssl.HttpSecureProtocol;
    import org.apache.commons.ssl.KeyMaterial;
    import org.apache.commons.ssl.TrustMaterial;

    HttpSecureProtocol f = new HttpSecureProtocol();

    // might as well trust the usual suspects:
    f.addTrustMaterial(TrustMaterial.CACERTS);

    // add client cert
    char[] pwd = {'p','w','d'};
    f.setKeyMaterial(new KeyMaterial("/path/to/file.jks", pwd));

    // register the custom scheme so only "https-foo://" URLs use the client cert
    Protocol clientHttps = new Protocol("https-foo", f, 443);
    Protocol.registerProtocol("https-foo", clientHttps);

    HttpClient client = new HttpClient();
    GetMethod httpget = new GetMethod("https-foo://www.server.com/");
    client.executeMethod(httpget);

NOTE: This assumes not-yet-commons-ssl.jar is on your classpath, and that you're using that instead of compiling the httpclient "contrib" code on your own. Not-Yet-Commons-SSL already has these in its jar file:

    AuthSSLProtocolSocketFactory
    EasySSLProtocolSocketFactory
    StrictSSLProtocolSocketFactory

Good luck! It's been working well for me for years.

yours,

Julius

On Nov 29, 2007 9:47 AM, Raul Acevedo <[EMAIL PROTECTED]> wrote:
> I don't want to omit keystore and truststore; I'm doing bidirectional
> (client and server) SSL authentication, that's the whole point.
>
> Do you know why I get the SocketException? In general, has anyone
> successfully done both client and server SSL authentication with
> HttpClient without using the javax.net.ssl.keyStore and trustStore
> properties?
>
> Raul
>
>
> On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:
>
> >
> > On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> >> Is there a way to do client authentication with HttpClient without
> >> setting javax.net.ssl.keyStore?
> >>
> >> I tried the following code after building the contrib files:
> >>
> >>     HttpClient httpClient = new HttpClient();
> >>     URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> >>     URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> >>     AuthSSLProtocolSocketFactory socketFactory =
> >>         new AuthSSLProtocolSocketFactory(
> >>             keyStoreURL, "keyStorePassword", trustStoreURL,
> >>             "trustStorePassword");
> >>     Protocol httpsProtocol = new Protocol(url.getProtocol(),
> >>         socketFactory, url.getPort());
> >>     httpClient.getHostConfiguration().setHost(url.getHost(),
> >>         url.getPort(), httpsProtocol);
> >>
> >> But this fails with:
> >>
> >>     java.net.SocketException: Default SSL context init failed: null
> >>
> >> Thanks,
> >>
> >> Raul Acevedo
> >> http://www.cantara.com
> >>
> >
> > Paul,
> >
> > (1) Keystore is optional. You can safely omit it.
> > (2) Implement a custom trust manager that trusts anything. This way you
> > will not need a truststore.
> > (3) Implement your own protocol socket factory that initializes the SSL
> > context with your own trust-anything trust manager. You can use
> > EasySSLProtocolSocketFactory as a starting point.
> >
> > Hope this helps,
> >
> > Oleg
> >
> >>

--
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/
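
The question in this thread (client and server certificate authentication without the javax.net.ssl.keyStore and trustStore system properties) can also be answered with JDK classes alone. The following is an added example, not code from the thread, HttpClient or not-yet-commons-ssl; it builds a dedicated SSLContext that keeps server certificate validation against an explicit truststore and rejects a keystore with no private key, which would otherwise send no client certificate. The class name, the command-line arguments and the assumption that the key password equals the keystore password are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsContext {
    // Load a JKS file from a caller-supplied path (placeholder values in main).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // A keystore holding only certificates cannot authenticate the client.
    static boolean hasKeyEntry(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    // Context that presents the client key and validates the server against
    // the given truststore only. No javax.net.ssl.* system property is read
    // or set, so other HTTPS users in the same JVM are unaffected.
    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        if (!hasKeyEntry(keys)) throw new IllegalArgumentException("keystore has no private key entry");
        if (!trust.aliases().hasMoreElements()) throw new IllegalArgumentException("truststore is empty");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword); // assumption: key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <keystore.jks> <keystore-password> <truststore.jks> <truststore-password> <https-url>
    public static void main(String[] args) throws Exception {
        char[] keyPass = args[1].toCharArray(), trustPass = args[3].toCharArray();
        SSLContext ctx = build(load(args[0], keyPass), keyPass, load(args[2], trustPass));
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[4]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // applies to this connection only
        System.out.println("HTTP " + conn.getResponseCode() + " via " + conn.getCipherSuite());
    }
}
```

Hostname verification is left at the JDK default here, so the server certificate must match the host in the URL.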