Got it to work with a custom SSL socket factory! Not sure why this is necessary: the
key store and trust store are specified when starting Tomcat or running java.
public class MySocketFactory extends SSLSocketFactory {
... ...
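/*
 * Loads the client key store and the trust store once, when the class is initialised.
 *
 * Both stores are read from fixed paths on this host. keystorePassword is used for
 * BOTH loads, so the trust store (the JRE cacerts file) must share that password or
 * its load fails with an IOException; a JKS store also accepts a null password,
 * which skips the integrity check. Whether the two passwords coincide cannot be
 * told from here -- confirm against the deployment.
 *
 * A failure is logged and then rethrown as ExceptionInInitializerError so that the
 * class cannot be used half-initialised: with the stores left null, the constructor
 * would otherwise hand a null key store / trust store to the superclass, and the
 * resulting factory would not carry the intended client certificate and trust
 * anchors.
 */
static {
    // try-with-resources closes both streams on every path, including a load that
    // fails before the second stream is opened, so no null-unsafe close() is needed.
    try (FileInputStream keyIn = new FileInputStream(
                 new File("/usr/local/ssl/certs/my.p12"));
         FileInputStream trustIn = new FileInputStream(
                 new File("/usr/local/java/jre/lib/security/cacerts"))) {
        keyStore = KeyStore.getInstance("pkcs12");
        keyStore.load(keyIn, keystorePassword.toCharArray());
        trustStore = KeyStore.getInstance("jks");
        trustStore.load(trustIn, keystorePassword.toCharArray());
    } catch (Exception e) {
        log.error("Failed to load key and trust store", e);
        // Fail class initialisation rather than continue with null stores.
        throw new ExceptionInInitializerError(e);
    }
}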
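/**
 * Builds the factory from the statically loaded key store and trust store.
 *
 * <p>Both stores are checked for {@code null} before being passed to the
 * superclass. The static initializer that loads them catches every exception, so
 * a failed load can leave them unset; the superclass constructor is not shown
 * here, and if it tolerates a {@code null} store a failed load would silently
 * produce a factory without the intended client certificate or trust anchors.
 * Failing fast here makes that misconfiguration visible instead.
 *
 * @throws IllegalStateException if either store was not loaded
 * @throws NoSuchAlgorithmException propagated from the superclass
 * @throws KeyManagementException propagated from the superclass
 * @throws KeyStoreException propagated from the superclass
 * @throws UnrecoverableKeyException propagated from the superclass
 */
public MySocketFactory()
        throws NoSuchAlgorithmException,
               KeyManagementException,
               KeyStoreException,
               UnrecoverableKeyException {
    // Static helper calls are permitted in the explicit super(...) invocation,
    // which is the only place a check can run before the superclass is built.
    super(requireLoaded(keyStore, "key store"),
          keystorePassword,
          requireLoaded(trustStore, "trust store"));
}

/**
 * Returns {@code store}, or throws if the static load left it unset.
 *
 * @param store the store loaded by the static initializer, possibly {@code null}
 * @param what  human-readable name used in the error message
 * @return {@code store}, never {@code null}
 * @throws IllegalStateException if {@code store} is {@code null}
 */
private static KeyStore requireLoaded(KeyStore store, String what) {
    if (store == null) {
        throw new IllegalStateException(
                what + " was not loaded; see the startup log for the cause");
    }
    return store;
}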
/**
 * Creates an unconnected socket via the superclass and asserts that it is an
 * {@link SSLSocket}. The cast is deliberate: anything other than an SSL socket
 * fails loudly with a {@code ClassCastException} instead of being handed back as
 * a plain socket.
 *
 * @param params connection parameters, passed straight through to the superclass
 * @return the SSL socket created by the superclass
 * @throws IOException if the superclass cannot create the socket
 */
@Override
public Socket createSocket(HttpParams params) throws IOException {
    SSLSocket sslSocket = (SSLSocket) super.createSocket(params);
    return sslSocket;
}
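/**
 * Layers TLS over an existing socket and verifies the peer's certificate against
 * {@code host} before returning it.
 *
 * <p>The host name verifier configured on this factory is applied explicitly.
 * Whether the superclass already performs this check is not visible here;
 * repeating it is cheap and harmless. If verification fails (or anything else
 * goes wrong after the superclass has set the socket up), the SSL socket is
 * closed before the exception propagates, so a socket whose peer was rejected is
 * never left open. When {@code autoClose} is {@code true} this also closes the
 * underlying {@code socket}, whose lifetime the caller handed to this factory;
 * when it is {@code false} the underlying socket remains the caller's to close.
 *
 * @param socket    the already-connected plain socket to wrap
 * @param host      the host name the server certificate must match
 * @param port      the port {@code socket} is connected to
 * @param autoClose whether closing the SSL socket also closes {@code socket}
 * @return the verified SSL socket
 * @throws IOException if the superclass fails or the host name does not match
 * @throws UnknownHostException propagated from the superclass
 */
@Override
public Socket createLayeredSocket(final Socket socket,
                                  final String host,
                                  final int port,
                                  final boolean autoClose)
        throws IOException, UnknownHostException {
    SSLSocket sslSocket =
            (SSLSocket) super.createLayeredSocket(socket, host, port, autoClose);
    boolean verified = false;
    try {
        getHostnameVerifier().verify(host, sslSocket);
        verified = true;
        return sslSocket;
    } finally {
        if (!verified) {
            // Verification failed: close rather than leak the rejected socket.
            // A failure to close must not mask the verification error itself.
            try {
                sslSocket.close();
            } catch (IOException ignored) {
                // the verification exception already in flight is the one to report
            }
        }
    }
}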
}