On Thu, 2013-11-28 at 20:11 +0100, Joan Balagueró wrote: > Hello Oleg, > > Thanks. I've been seeing some HttpClient samples. Some of them set the > trustStore/keyStore directly to the SSLSocketFactory.
SSLSocketFactory constructors internally create an SSLContext instance and initialize it with the trust / key material passed as parameters. > And others create an SSLContext with them and then set this SSLContext to > the SSLSocketFactory. Any advantage from one respect to the other? > No, not really. Simply a matter of convenience. > Furthermore, when using SSLContext we need to create an instance using the > secure socket protocol. Is there any way to accept all secure protocols? > I am not sure what you mean by that. Exactly wha > Thanks, > > Joan. > > -----Mensaje original----- > De: Oleg Kalnichevski [mailto:ol...@apache.org] > Enviado el: jueves, 28 de noviembre de 2013 10:24 > Para: HttpClient User Discussion > Asunto: Re: SSL connection > > On Wed, 2013-11-27 at 19:24 +0100, Joan Balagueró wrote: > > Hello, > > > > > > > > I have an application (servlet running on tomcat) that must send a > > https request to a server that requires client authentication. > > > > > > > > Tomcat has correctly installed the truststore and keystore. But I > > understand that when our app sends the https request, I have to attach > > the client authentication required by the server. > > > > > > > > Can anyone address to any doc where I can see how to do this? > > > > > > > > Thanks, > > > > > > > > J. > > > > There is enough good material on SSL fundamentals on the web. Just google it > out. > > As far as HC APIs are concerned SSLContextBuilder should help you set up the > correct SSL context for your application. Most likely you will need to load > the private key and add it to the context using this method [1]. > > Oleg > > [1] > http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/apidocs/org/apache/http/conn/ssl/SSLContextBuilder.html#loadKeyMaterial%28java.security.KeyStore,%20char[],%20org.apache.http.conn.ssl.PrivateKeyStrategy%29 > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
