Hi,

Is the certificate really self-signed, or did they just sign it themselves (the difference is that a self-signed certificate is signed by itself, whereas a certificate they signed themselves is a certificate that is signed with a different certificate, but not one that has a CA chain ending in a public CA as stored in the default Java truststore)? The TrustSelfSignedStrategy really only trusts self-signed certificates.

Why don't you download the certificate (or its root certificate), put it into a Java key store, and configure that as a trust store either as described here http://camel.apache.org/http4.html#HTTP4-UsingtheJSSEConfigurationUtility (or with an HttpClientConfigurer)?

Best regards
Stephan

-----Original Message-----
From: andyredhead [mailto:[email protected]]
Sent: Monday, 11 August 2014 23:37
To: [email protected]
Subject: Camel 2.13.1 HTTP4 HttpClientConfigurer for self signed certificates

Hi,

apologies if this has already been asked (and answered) before.

I'm trying to set up an HTTP4 endpoint that communicates with a remote server that has a self-signed SSL certificate.

Long term we will figure out a sensible way to manage the certificates. In the short term I just want to get the communication working... which means I'd like to set up the HTTP4 endpoint to accept the self-signed certificate.

Reading around, it looks like the general solution is to create an HttpClientConfigurer, register it as a bean in the XML config and reference it from the endpoint URL.

There are plenty of examples for older versions of the Camel API, where the method to implement in the HttpClientConfigurer is:

    public void configureHttpClient(org.apache.http.client.HttpClient client)

However, in Camel 2.13.x the signature appears to be:

    public void configureHttpClient(HttpClientBuilder clientBuilder)

Regardless of how I implement that method, I end up with the familiar exception:

    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Does anyone have an example of how to implement an HttpClientConfigurer for Camel 2.13.x such that the HTTP4 endpoint will accept self-signed certificates (or suggest a better way of achieving the goal)?
My current effort looks like:

    public void configureHttpClient(HttpClientBuilder clientBuilder) {
        SSLContextBuilder builder = new SSLContextBuilder();
        try {
            // Trust certificates that are signed by their own key; null = no explicit trust store
            builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
            SSLContext sslcontext = builder.build();
            clientBuilder.setSslcontext(sslcontext);
            // ALLOW_ALL_HOSTNAME_VERIFIER switches hostname verification off
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
                    SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            clientBuilder.setSSLSocketFactory(sslsf);
            clientBuilder.setHostnameVerifier(
                    SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } catch (GeneralSecurityException e) {
            // java.security.GeneralSecurityException also covers the NoSuchAlgorithmException
            // and KeyManagementException declared by loadTrustMaterial() and build()
            logger.warn("configureHttpClient - problem creating self signed trust", e);
        }
    }

Thanks,
Andy

--
View this message in context: http://camel.465427.n5.nabble.com/Camel-2-13-1-HTTP4-HttpClientConfigurer-for-self-signed-certificates-tp5755062.html
Sent from the Camel - Users mailing list archive at Nabble.com.
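The check Stephan asks about and the trust store he suggests, as an added example that is not code from either poster or from the Camel project: it tells a really self-signed certificate from one signed by a private CA, then builds an SSLContext that trusts only that certificate while leaving hostname verification untouched. It uses only JDK classes; the class name `PinnedTrust`, the alias `remote-server` and the certificate file argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrust { // hypothetical class name

    /** True only if subject equals issuer AND the signature verifies with the cert's own key. */
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false; // issued by a different certificate, e.g. a private CA
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false; // same name, but signed by some other key
        }
    }

    /** Builds an SSLContext whose only trust anchor is the given certificate. */
    static SSLContext contextTrusting(X509Certificate cert) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        trustStore.setCertificateEntry("remote-server", cert); // alias is an assumption
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client keys, default randomness
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java PinnedTrust <certificate.pem|.der>");
            return;
        }
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("subject:     " + cert.getSubjectX500Principal());
            System.out.println("issuer:      " + cert.getIssuerX500Principal());
            System.out.println("self-signed: " + isSelfSigned(cert));
            System.out.println("context:     " + contextTrusting(cert).getProtocol());
        }
    }
}
```

If `self-signed` prints `false`, the file to put in the trust store is the issuing root certificate rather than the server certificate.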
