Set SSL Client Certificate #684
Comments
there was a similar thing - maybe you can have a look at #623
for filtering out you can have a look at the comment of method setSSLClientCertificate
Yeah I know. The problem is that if I load the entire KeyStore, it chooses the first Certificate in that KeyStore ... if I have multiple Certificates well I can't choose a specific one (they are all valid and usable). I have multiple certificates that I use for different websites, and of course they are on a USB stick so I can't store them and build another KeyStore.
but you can wrap the key store and provide only the one required
but I will have a look again, maybe we can provide a more convenient way to do that, or maybe we can have a default impl for that use case
What do you mean by wrapping the KeyStore? I don't really get that, sorry
Implement a keystore that forwards most of the methods to the containing keystore but filters the certificates.
Not even this works because in the setSSLClientCertificate you retrieve the entire KeyStore again.
Can we do this together - I will update the impl and the documentation and you do the review and testing?
@alexvrv ok my hint with the wrapped keystore was totally wrong - there is no way to implement such a wrapper. Instead you can create a new (in memory) KeyStore and add only the certificates you like to use. See https://www.baeldung.com/java-keystore for some hints on how to do this. Then you set this KeyStore using WebClientOptions.setSSLClientCertificateKeyStore(KeyStore, char[]). Does this work for you?
Sure!
I've tried this but it works only with PKCS12. I have PKCS11 (certificates on a USB memory stick) which cannot be stored... I can't save the private key and move it into an "in memory" keystore :(
@alexvrv maybe is still on the wrong path: My current understanding is
Correct?
and the solution from #623 does not work - reading all three and then remove the not used ones?
I have 3 USB sticks, each having their own certificate. The rest is correct.
This method kind of works. I can delete the not used certificates, but they get deleted for good. If I want to use another certificate (that I've deleted earlier) I need to reinstall it xD
Any news about this? :(
made a new snapshot build - @alexvrv please have a look at the impl and please try
Snapshot 4.5.0 isn't working as intended in my PR ....
Some more details please
I don't have much more details other than that, using the SNAPSHOT, it doesn't set the SSLContext that I'm providing ... works perfectly with my changes that I've submitted in the PR. EDIT: I had the setUseInsecureSSL(true); without it, it works. So I guess it was my bad.
there was also a stupid error in my code - snapshot is updated
I've just refreshed the dependencies and tested. Works perfectly! Thank you!
Ok, great, will close this. Many thanks for your contribution.
Hi, is there a way to set a specific Certificate (X509Certificate) for an SSL connection? I see options to set one but it requires an InputStream which I don't have. In the KeyStore I have 3 certificates and I need to be able to use a specific one. Or maybe an SSLContext like JSOUP uses:

```java
// km is an X509ExtendedKeyManager instance (not shown in the post)
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(new X509ExtendedKeyManager[] {km}, null, null);
Jsoup.connect(URL).sslSocketFactory(sc.getSocketFactory()).ignoreContentType(true).execute();
```