Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

REST API Call using SSL Certificate

Avatar

Level 1

Hi All,

We are doing REST API call integration. For this REST API call integration, we need to add a trusted SSL Certificate.
We are exploring 2 approaches:

1. Add the certificate into AEM Truststore, and then get the truststore as a keystore object. Next, added the keystore object into SSLContext, and added the sslContext into HTTPClient to call the API. We are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

 

Dave2511_0-1678776400143.png

Dave2511_1-1678776643171.png

 

2. The second approach is - to add the certificate to the java keystore (cacerts), restarted AEM instance and called the API using HTTPClient. We are still getting the same "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception.

Dave2511_2-1678776746427.png

 


If anyone has done a similar implementation, please advise us.

2 Replies

Avatar

Community Advisor

HI @Dave2511 ,

Can you verify if your certificate is getting stored under  "/etc/truststore" in CRX. Also please try to compare your logic with below and check if something is missing.

import com.adobe.granite.keystore.KeyStoreService;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.sling.api.resource.ResourceResolver;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

/**
 * The type PublicKeyCertificate Service.
 */
@Component(name = "PubliccKey Certificate Service", service = PublicKeyCertificate.class, immediate = true)
public class PublicKeyCertificate {

    private static final Logger LOG = LoggerFactory.getLogger(PublicKeyCertificate.class);
    @Reference
    private KeyStoreService keyStoreService;

    public PublicKey getPublicKeyFromAlias(ResourceResolver resourceResolver, String certAlias) {
        KeyStore trustStore = this.keyStoreService.getTrustStore(resourceResolver);
        PublicKey publicKey = null;
        try {
            if (trustStore != null) {
                X509Certificate crt = (X509Certificate) trustStore.getCertificate(certAlias);
                publicKey = crt.getPublicKey();
            }
        } catch (Exception ex) {
            LOG.error("Exception in getting the public key from certificate:{}", ExceptionUtils.getStackTrace(ex));
        }
        return publicKey;
    }
}

 Hope that helps!

Avatar

Level 1

Hi Tarun Kumar,

 

We are using this PublicKeyCertificate class as well to get truststore/keystore and public key. From this class, we are getting truststore/keystore and public key successfully, but when we add the keystore object into SSLContext object, and add the sslContext into HTTPClient to call the API (as shown below screenshot). We are getting this "org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required" exception. 

Dave2511_0-1678786732732.png