Use Client Certificate Authentication with Java and RestTemplate

As a follow up of the http://gochev.blogspot.com/2019/04/convert-pfx-certificate-to-jks-p12-crt.html we now have a keystore and a truststore (if anyone needs) and we will use this keystore to send client side authentication using Spring's RestTemplate .First copy your keystore.jks and truststore.jks in your classpath, no one wants absolute paths right ?:)The magic happens in the creation of SSLContext. Keep in mind the Spring Boot have a nice RestTemplateBuilder but I will not gonna use it, because someone of you might have an older version or like me, might just use a plain old amazing Spring.If you just want to use the keystore:final String allPassword = "123456";SSLContext sslContext = SSLContextBuilder                .create()                .loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"),                                    allPassword.toCharArray(), allPassword.toCharArray())                .build();if you just want to use the truststorefinal String allPassword = "123456";SSLContext sslContext = SSLContextBuilder                .create()                .loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())                .build();I guess you know how to use both ;), if you want to IGNORE the truststore certificate checking and trust ALL certificates (might be handy for testing purposes and localhost)final String allPassword = "123456";TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;SSLContext sslContext = SSLContextBuilder                .create()                .loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())                .loadTrustMaterial(null, acceptingTrustStrategy) //accept all                .build();Ones you have the sslContext...

Convert PFX certificate to JKS, P12, CRT

I recently had to use a PFX certificate for client authentication (maybe another post will be coming) and for that reason I had to convert it to a Java keystore (JKS). We will create BOTH a truststore and a keystore, because based on your needs you might need one or the other. The difference between truststore and keystore if you are not aware is(quote from the JSSE ref guide: TrustManager: Determines whether the remote authentication credentials (and thus the connection) should be trusted.KeyManager: Determines which authentication credentials to send to the remote host.Ok that's enough what you will need is openssl and Java 7+ ;) !First let's generate a key from the pfx file, this key is later used for p12 keystore.openssl pkcs12 -in example.pfx -nocerts -out example.key  Enter Import Password:MAC verified OKEnter PEM pass phrase:Verifying - Enter PEM pass phrase:As shown here you will be asked for the password of the pfx file, later you will be asked to enter a PEM passphase lets for example use 123456 for everything here.The second commands is almost the same but it is about nokey and a crt this time openssl pkcs12 -in example.pfx -clcerts -nokeys -out example.crtEnter Import Password:MAC verified OKNow we have a key and and a crt fileNext step is to create a truststore.keytool -import -file example.crt -alias exampleCA -keystore truststore.jksEnter keystore password:Re-enter new password:Owner: CN=............Trust this certificate? [no]:  yesCertificate was added to keystoreAs you can see here you just import this crt file into a jks truststore and set some password. For the question do you trust this certificate you say yes, so it is added in the truststore.We are done if you only need a...

Youtube video channel of the Bulgarian Java User Group

Bad news everyone,as you already have noticed I do not have time to write blogs :(However I would recommend you to check and keep an eye on the youtube channel of the Bulgarian Java User Group (http://jug.bg) which is https://www.youtube.com/user/BulgarianJUG/You can enjoy all the jprime conference video recordings at https://www.youtube.com/user/BulgarianJUG/playlists but also checkout the videos tab since we have a lot of non jprime videos uploaded as well and maybe at some point you can even see me...

jPrime 2018 videos freely available

Good news everyone,the videos of jPrime 2018 are freely available at https://www.youtube.com/watch?v=xs3heuY21Z0&list=PLcqA4DRMgIYvGPZfrK0EcMxEQCrtSl9A3Also in Youtube Bulgarian Java User Group channel you may find a lot of helpful Java related videos from jPrime 2017, 2016, 2015 or other Bulgarian Java User Group talks and activities : https://www.youtube.com/user/BulgarianJUG/Hope to see everyone of you at jPrime 2019 !Or some of the Bulgarian Java User Group (jug.bg) or java beer events...