REST API Call using SSL Certificate

Hi All,

We are doing REST API call integration. For this REST API call integration, we need to add a trusted SSL Certificate.
We are exploring 2 approaches:

1. Add the certificate into the AEM Truststore, and then get the truststore as a keystore object. Next, add the keystore object into SSLContext, and add the sslContext into HTTPClient to call the API. We are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

Dave2511_0-1678776400143.png

Dave2511_1-1678776643171.png

2. The second approach is to add the certificate to the Java keystore (cacerts), restart the AEM instance, and call the API using HTTPClient. We are still getting the same "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

Dave2511_2-1678776746427.png

If anyone has done a similar implementation, please advise us.

2 Replies

Hi @Dave2511,

Can you verify whether your certificate is getting stored under "/etc/truststore" in CRX? Also, please compare your logic with the code below and check if something is missing.

import com.adobe.granite.keystore.KeyStoreService;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.sling.api.resource.ResourceResolver;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

/**
 * The type PublicKeyCertificate Service.
 */
@Component(name = "PubliccKey Certificate Service", service = PublicKeyCertificate.class, immediate = true)
public class PublicKeyCertificate {

    private static final Logger LOG = LoggerFactory.getLogger(PublicKeyCertificate.class);
    @Reference
    private KeyStoreService keyStoreService;

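    /**
     * Looks up a certificate in the AEM truststore by alias and returns its public key.
     * Returns null if the truststore is unavailable or the alias is not present.
     */
    public PublicKey getPublicKeyFromAlias(ResourceResolver resourceResolver, String certAlias) {
        KeyStore trustStore = this.keyStoreService.getTrustStore(resourceResolver);
        PublicKey publicKey = null;
        try {
            if (trustStore != null) {
                // getCertificate returns null when the alias does not exist
                X509Certificate crt = (X509Certificate) trustStore.getCertificate(certAlias);
                if (crt != null) {
                    publicKey = crt.getPublicKey();
                } else {
                    LOG.warn("No certificate found in truststore for alias:{}", certAlias);
                }
            }
        } catch (Exception ex) {
            LOG.error("Exception in getting the public key from certificate:{}", ExceptionUtils.getStackTrace(ex));
        }
        return publicKey;
    }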
}

Hope that helps!

Hi Tarun Kumar,

We are using this PublicKeyCertificate class as well to get the truststore/keystore and public key. From this class, we are getting the truststore/keystore and public key successfully, but when we add the keystore object into the SSLContext object and add the sslContext into HTTPClient to call the API (as shown in the screenshot below), we are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

Dave2511_0-1678786732732.png
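
Added example, not part of the original thread or the posters' code: in TLS 1.3 the `certificate_required` alert is sent by a server that requested a client certificate and received none, so trust material alone (AEM truststore or cacerts) cannot clear it. The code below uses only standard JSSE calls to check whether a store can present a client identity and to build an SSLContext with both key and trust material; `MutualTlsContext`, `hasClientIdentity`, `build` and the separate identity keystore are assumptions for illustration.

```java
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class MutualTlsContext {

    /** True if the store holds at least one private-key entry, i.e. it can answer a client-certificate request. */
    static boolean hasClientIdentity(KeyStore store) throws Exception {
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) {
                return true;
            }
        }
        return false;
    }

    /**
     * trustStore: CA/server certificates (for example the object returned by getTrustStore in the reply above).
     * identityStore + keyPassword: assumed separate keystore holding the client's private key and certificate chain.
     */
    static SSLContext build(KeyStore trustStore, KeyStore identityStore, char[] keyPassword) throws Exception {
        if (!hasClientIdentity(identityStore)) {
            throw new IllegalArgumentException("identity store has no private-key entry; no client certificate can be sent");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identityStore, keyPassword);            // key material: what this client presents
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                            // trust material: how the server is validated
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store standing in for a truststore with no key entries.
        KeyStore trustOnly = KeyStore.getInstance(KeyStore.getDefaultType());
        trustOnly.load(null, null);
        System.out.println("trust-only store can present client cert: " + hasClientIdentity(trustOnly));
        try {
            build(trustOnly, trustOnly, new char[0]);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running `hasClientIdentity` against the store that is actually passed to the SSLContext shows whether it contains only certificate entries, which is the case when a truststore is reused as the key source.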