Hi, As mentioned by Stephan, you should use the JSSE Configuration utility : http://camel.apache.org/http4.html#HTTP4-UsingtheJSSEConfigurationUtility (see --> Configuring Apache HTTP Client Directly)
Regards, Charles On Tue, Aug 12, 2014 at 7:35 AM, Siano, Stephan <[email protected]> wrote: > Hi, > > Is the certificate really self signed, or did they just sign it themselves > (the difference is that a self signed certificate is signed by itself > whereas a certificate they signed by themselves is a certificate that is > signed with a different certificate, but not one, that has a CA chain > ending in a public CA as stored in the default Java truststore)? The > TrustSelfSignedStrategy really only trusts self-signed certificates. > > Why don't you download the certificate (or it's root certificate), put it > into a java key store, and configure that as a trust store either as > described here > http://camel.apache.org/http4.html#HTTP4-UsingtheJSSEConfigurationUtility > (or with a HTTPClientConfigurer)? > > Best regards > Stephan > > -----Original Message----- > From: andyredhead [mailto:[email protected]] > Sent: Montag, 11. August 2014 23:37 > To: [email protected] > Subject: Camel 2.13.1 HTTP4 HttpClientConfigurer for self signed > certificates > > Hi, > > apologies if this has already been asked (and answered before). > > I'm trying to set up an HTTP4 endpoint that communicates with a remote > server that has a self signed SSL certificate. > > Long term we will figure out a sensible way to manage the certificates. > > In the short term I just want to get the communication working... which > means I'd like to set up the HTTP4 end point to accept the self signed > certificate. > > Reading around, it looks like the general solution is to create an > HttpClientConfigurer, register it as a bean in the XML config and reference > it from the endpoint URL. > > There are plenty of examples for older versions of the Camel API, where the > method to implement in the HttpClientConfigurer is: > > public void configureHttpClient(org.apache.http.client.HttpClient > client) > > However, in Camel 2.13.x the signature appears to be: > > public void configureHttpClient(HttpClientBuilder clientBuilder) > > Regardless of how I implement that method, I end up with the familiar > exception: > > Caused by: sun.security.validator.ValidatorException: PKIX path > building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > > Does anyone have an example of how to implement an HttpClientConfigurer for > Camel 2.13.x such that the HTTP4 end point will accept self signed > certificates (or suggest a better way of achieving the goal)? > > My current effort looks like: > > public void configureHttpClient(HttpClientBuilder clientBuilder) { > SSLContextBuilder builder = new SSLContextBuilder(); > try { > builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); > SSLContext sslcontext = builder.build(); > clientBuilder.setSslcontext(sslcontext); > > SSLConnectionSocketFactory sslsf = new > SSLConnectionSocketFactory(sslcontext, > SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); > clientBuilder.setSSLSocketFactory(sslsf); > clientBuilder.setHostnameVerifier( > SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); > > } catch (KeyStoreException e) { > logger.warn("configureHttpClient - problem creating self signed trust", > e); > } > } > > Thanks, Andy > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/Camel-2-13-1-HTTP4-HttpClientConfigurer-for-self-signed-certificates-tp5755062.html > Sent from the Camel - Users mailing list archive at Nabble.com. > -- Charles Moulliard Apache Committer / Architect @RedHat Twitter : @cmoulliard | Blog : http://cmoulliard.github.io
