I think that makes sense. I don't know how Python does it but using that was very easy. I'm not familiar with having to generate a keystore or trust store or both (which one do I use?) to get at public SSL sites. Perhaps document how to do it if it was a self signed or internally signed certificate but ideally it should be easy for public internet sites. On Sat, 5 Sep 2015 at 2:31 pm Joe Witt <[email protected]> wrote:
> would it be feasible to try and look for reasonable default locations > to find prebuilt keystores to make this sort of thing easier? > > ...in addition to documenting it of course. > > Thanks > Joe > > On Fri, Sep 4, 2015 at 9:10 PM, Aldrin Piri <[email protected]> wrote: > > The issue for those sites is you need a set of root certificates for the > > common sites on the web much the same way a browser comes bundled with > them. > > > > The Linux distributions typically come with a prebuilt truststore when > Java > > is installed and it lives within /etc/pki/. Exact location escapes me at > the > > moment. If you are in another environment, let us know and we can try to > > help get you setup there. > > > > Several people run into this because that one-way SSL is one of those > things > > that just works (or is bypassed/ignored when it is not). Not sure if we > > should have a processor equivalent to a curl -k param (gut feel is a no), > > but this is at least FAQ material. > > > > On Fri, Sep 4, 2015 at 23:44 Chris Teoh <[email protected]> wrote: > >> > >> Hmm sorry I'm not sure. I just want to do a GET request from a site that > >> returns me JSON like I would using a web browser or a Python script > where > >> I'm guessing the certificate side of things are already working. > >> On Sat, 5 Sep 2015 at 1:41 pm Joe Witt <[email protected]> wrote: > >>> > >>> Chris, > >>> > >>> It's quite common to interact with SSL services using 1-way or 2-way > >>> SSL. Are you just wanting to hit something with 1-way SSL? What > >>> happens when you try it? > >>> > >>> Thanks > >>> Joe > >>> > >>> On Wed, Sep 2, 2015 at 3:32 PM, Chris Teoh <[email protected]> > wrote: > >>> > Hi, > >>> > > >>> > I'm still a little lost on how to do a GET on ssl sites. The standard > >>> > ssl > >>> > context controller configuration is baffling. Is there anyone that > has > >>> > done > >>> > this? I'm trying to consume public internet ssl site. > >>> > > >>> > Kind regards > >>> > Chris >
