Hi All,
We are doing a REST API call integration. For this integration, we need to add a trusted SSL certificate.
We are exploring 2 approaches:
1. Add the certificate to the AEM truststore, and then get the truststore as a keystore object. Next, we added the keystore object to the SSLContext, and added the SSLContext to the HTTPClient to call the API. We are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.
2. The second approach is to add the certificate to the Java keystore (cacerts), restart the AEM instance and call the API using HTTPClient. We are still getting the same "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.
If anyone has done a similar implementation, please advise us.
Hi @Dave2511,
Can you verify whether your certificate is getting stored under "/etc/truststore" in CRX? Also, please compare your logic with the code below and check whether something is missing.
import com.adobe.granite.keystore.KeyStoreService;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.sling.api.resource.ResourceResolver;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

/**
 * The type PublicKeyCertificate Service.
 */
@Component(name = "PubliccKey Certificate Service", service = PublicKeyCertificate.class, immediate = true)
public class PublicKeyCertificate {

    private static final Logger LOG = LoggerFactory.getLogger(PublicKeyCertificate.class);

    @Reference
    private KeyStoreService keyStoreService;

    public PublicKey getPublicKeyFromAlias(ResourceResolver resourceResolver, String certAlias) {
        // Global AEM truststore, as readable by the given resolver
        KeyStore trustStore = this.keyStoreService.getTrustStore(resourceResolver);
        PublicKey publicKey = null;
        try {
            if (trustStore != null) {
                // getCertificate() returns null for an unknown alias; the resulting
                // exception is caught below and the method returns null
                X509Certificate crt = (X509Certificate) trustStore.getCertificate(certAlias);
                publicKey = crt.getPublicKey();
            }
        } catch (Exception ex) {
            LOG.error("Exception in getting the public key from certificate:{}", ExceptionUtils.getStackTrace(ex));
        }
        return publicKey;
    }
}
Hope that helps!
Hi Tarun Kumar,
We are using this PublicKeyCertificate class as well to get the truststore/keystore and public key. From this class, we are getting the truststore/keystore and public key successfully, but when we add the keystore object into the SSLContext object, and add the SSLContext into the HTTPClient to call the API (as shown in the screenshot below), we are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.
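An added example, not code from any poster in this thread: `certificate_required` is the alert a TLS 1.3 server sends when it demands a client certificate and the client presents none, which a trust-only SSLContext (truststore or cacerts) can never supply. The sketch below builds a context with both key managers and trust managers using only JDK classes. It assumes the API endpoint enforces mutual TLS and that a client private key and certificate chain issued for it are available in a KeyStore; the class and method names are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class name): SSLContext for a server that demands a client certificate. */
public final class MutualTlsContextFactory {

    private MutualTlsContextFactory() { }

    /**
     * @param clientKeyStore store holding the client's private key and certificate chain (assumed to exist)
     * @param keyPassword    password protecting that private key
     * @param trustStore     store holding the CA or server certificate, e.g. the AEM truststore
     */
    public static SSLContext build(KeyStore clientKeyStore, char[] keyPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        // A store with only trusted-certificate entries cannot answer the server's certificate request.
        if (!hasKeyEntry(clientKeyStore)) {
            throw new GeneralSecurityException("No key entry: nothing to present as a client certificate");
        }
        // Key managers supply the client's own certificate and prove possession of its key.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeyStore, keyPassword);

        // Trust managers only decide whether the server's certificate is acceptable.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx; // hand this to the HTTP client in place of a trust-only context
    }

    /** True if at least one alias is a key entry rather than a trusted-certificate entry. */
    static boolean hasKeyEntry(KeyStore ks) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return true;
            }
        }
        return false;
    }
}
```

Running `hasKeyEntry` against the store currently passed to the SSLContext shows whether it contains anything the client could present; a store populated only by importing the server's certificate returns false.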