March 3, 2017

Private Key SSL Connection to Self-Signed Website Using Java

I recently had to write a Java web client to an external website with a self-signed certificate and secured with a private key. This was not something that I had done before; most of my work has been within company firewalls. There is a lot of information on the web about how to do parts of this, but not how to do the whole thing.

Test Key and Certificates

First, check that the signing authority certificate, the client certificate and the private key work by using wget to return a page of the website:

wget --ca-certificate eagle_ca.crt --certificate eagle.crt --private-key eagle.key "https://some.website.com"

Create PKCS12 File

The second part required the creation of a PKCS12 file to contain the certificate, signing authority certificate and private key. I did this using openssl. You can install openssl on a Debian/Ubuntu system using apt-get.

sudo apt-get install openssl
openssl pkcs12 -export -in eagle.crt -inkey eagle.key -CAfile eagle_ca.crt -chain -caname root -name eagle -out eagle.p12

You will be asked to provide a password to restrict access to the eagle.p12 file.

Java SSL Context Class

I then wrote a Java class to set up the SSL context that used the PKCS12 file. Once the class is created and the setSslContext method is run, future requests will use the created SSL context by default. To save space, here is a link to download the Java code.
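
As an added example (not the author's downloadable code), here is one way to build such a context with the standard JSSE API, trusting only eagle_ca.crt rather than switching certificate validation off. The class name ClientCertSslContext and the build helper are hypothetical, setSslContext is named after the method mentioned above, and the file names passed in are assumed to be those from the earlier commands.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertSslContext {
    // Presents the key in p12Path and trusts only the CA in caPath.
    // The password is supplied by the caller, not hard-coded here.
    public static SSLContext build(String p12Path, char[] password, String caPath)
            throws Exception {
        // Client identity: private key and certificate chain from the PKCS12 file.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            identity.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // Server trust: an in-memory store holding only the private signing
        // authority, so server certificates are still validated.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        try (InputStream in = Files.newInputStream(Paths.get(caPath))) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trust.setCertificateEntry("eagle-ca", ca); // alias is an arbitrary label
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Makes the context the JVM-wide default for later HTTPS requests.
    public static void setSslContext(String p12Path, char[] password, String caPath)
            throws Exception {
        SSLContext ctx = build(p12Path, password, caPath);
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Because the default is process-wide, every later HTTPS connection in the JVM will present the client certificate and trust only this CA; use the context returned by build directly when that scope is too broad.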
