I want to create an SSL connection. I have created a .cer file from a .ks file using KeyStore Explorer 5.4.4. I used the code below to create the SSLContext. I have tried the loadKeyMaterial method with and without pwd.
InputStream keyStoreStream = new FileInputStream("D:\\certificate\\some.cer");
KeyStore keyStore = KeyStore.getInstance("JKS"); // or "PKCS12"
keyStore.load(keyStoreStream, "pwd".toCharArray());
SSLContext sslContext = SSLContexts.custom().loadKeyMaterial(keyStore, null).build();
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sslContext).build();
httpClient is being used to call the API. I get the following error, and I am sure the generated certificate does not have any issues:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at sun.security.provider.KeyStoreDelegator.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
I have also tried with a custom SSLSocketFactory:
char[] password = "pwd".toCharArray();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
FileOutputStream out = new FileOutputStream("certificate_path.cer");
keyStore.store(out, password);
SSLContext sslContext = SSLContexts.custom()
        .loadKeyMaterial(keyStore, password)
        .loadTrustMaterial(null, new TrustSelfSignedStrategy())
        .build();
SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1.2" }, null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConnectionFactory).build();
httpClient is being used to call the API, but here I get some other error:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
You have to add the issuer certificates to the keystore. The issuer certificate will be used to validate the identity of the target server that your system is trying to connect to. For more details, please refer to the following link.
https://stackoverflow.com/a/63491078/9926179
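An added example, not code from the question or the answer: a .cer file is an encoded X.509 certificate rather than a JKS or PKCS12 keystore, so it is parsed with CertificateFactory and added as a trusted entry to an in-memory keystore that then backs the SSLContext. The class name, the "issuer-N" aliases and the file path passed as the first argument are assumptions made for illustration.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class IssuerTrustExample { // hypothetical class name

    // Builds an in-memory trust store from a DER- or PEM-encoded certificate file.
    static KeyStore trustStoreFromCer(String cerPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start empty; KeyStore.load cannot parse a .cer

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new BufferedInputStream(Files.newInputStream(Paths.get(cerPath)))) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x509 = (X509Certificate) c;
                x509.checkValidity(); // reject expired or not-yet-valid certificates
                trustStore.setCertificateEntry("issuer-" + i++, x509); // alias is an assumption
            }
        }
        if (trustStore.size() == 0) {
            throw new IllegalArgumentException("no certificates found in " + cerPath);
        }
        return trustStore;
    }

    // Creates a TLS 1.2 context that trusts only the entries in trustStore.
    static SSLContext sslContextTrusting(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server authentication only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = trustStoreFromCer(args[0]); // args[0]: path to the issuer .cer file
        SSLContext sslContext = sslContextTrusting(ts);
        System.out.println("Trusted entries: " + ts.size() + ", protocol: " + sslContext.getProtocol());
        // The context can then be passed to HttpClients.custom().setSSLContext(sslContext).
    }
}
```

A context built this way trusts only the certificates in the file and not the JVM's default CA bundle, and hostname verification still applies when it is used with the default verifier.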