Level 2

REST API Call using SSL Certificate

Forum|Forum|2 years ago
March 14, 2023
1 reply
5085 views

Hi All,

We are doing REST API call integration. For this REST API call integration, we need to add a trusted SSL Certificate.
We are exploring 2 approaches:

1. Add the certificate into AEM Truststore, and then get the truststore as a keystore object. Next, added the keystore object into SSLContext, and added the sslContext into HTTPClient to call the API. We are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

2. The second approach is - to add the certificate to the java keystore (cacerts), restarted AEM instance and called the API using HTTPClient. We are still getting the same "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

If anyone has done a similar implementation, please advise us.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

TarunKumar

Community Advisor

HI @dave2511 ,

Can you verify if your certificate is getting stored under "/etc/truststore" in CRX. Also please try to compare your logic with below and check if something is missing.

import com.adobe.granite.keystore.KeyStoreService;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.sling.api.resource.ResourceResolver;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

/**
 * The type PublicKeyCertificate Service.
 */
@Component(name = "PubliccKey Certificate Service", service = PublicKeyCertificate.class, immediate = true)
public class PublicKeyCertificate {

    private static final Logger LOG = LoggerFactory.getLogger(PublicKeyCertificate.class);
    @Reference
    private KeyStoreService keyStoreService;

    public PublicKey getPublicKeyFromAlias(ResourceResolver resourceResolver, String certAlias) {
        KeyStore trustStore = this.keyStoreService.getTrustStore(resourceResolver);
        PublicKey publicKey = null;
        try {
            if (trustStore != null) {
                X509Certificate crt = (X509Certificate) trustStore.getCertificate(certAlias);
                publicKey = crt.getPublicKey();
            }
        } catch (Exception ex) {
            LOG.error("Exception in getting the public key from certificate:{}", ExceptionUtils.getStackTrace(ex));
        }
        return publicKey;
    }
}

Hope that helps!

D

Dave2511Author

Level 2

Hi Tarun Kumar,

We are using this PublicKeyCertificate class as well to get truststore/keystore and public key. From this class, we are getting truststore/keystore and public key successfully, but when we add the keystore object into SSLContext object, and add the sslContext into HTTPClient to call the API (as shown below screenshot). We are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded