Apache HTTP Components - AdvantageNavigator/ImportEngine GitHub Wiki

Within the ImportEngine library, Apache HTTP Components is used for data transfer to the Advantage Navigator import engine (see https://hc.apache.org/ for details). This wiki page shows how to handle the certificates for secure data transmission.

Note: The library contains a keystore with VeriSign's CA certificate for the Advantage Navigator communication. This wiki page explains some basic concepts; the steps shown here don't have to be performed when using the library.

Create a keystore and import certificate

To create an empty Java keystore, execute the following lines in a command window:

keytool -genkey -alias foo -keystore keystore.jks
keytool -delete -alias foo -keystore keystore.jks

The first line creates a new keystore containing a generated key pair and its self-signed certificate under the alias foo. The second line deletes that entry from the keystore. The result is an empty keystore file. To show all certificates in the keystore, use the following command:

keytool -list -v -keystore keystore.jks

To import a trusted CA root certificate to the keystore, use the following command:

keytool -import -trustcacerts -alias root -file certificate.crt -keystore keystore.jks

To add a non-CA certificate to the keystore, use the following command:

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"

To import a PEM certificate, the file must be converted to a DER file first:

openssl x509 -outform der -in certificate.pem -out certificate.der

Use keystore for HTTPS

The following code snippet shows how to use a Java keystore for server validation:

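import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

String URL = "https://eadvantage.siemens.com/";

// Load the trust store; the stream is closed as soon as loading finishes
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream stream = new FileInputStream("keystore.jks")) {
    trustStore.load(stream, "secret_password".toCharArray());
}

// Validate the server only against the certificates in the keystore
SSLContext context = SSLContexts.custom().loadTrustMaterial(trustStore).build();
SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(context);

// Client and response are closed automatically when the block exits
try (CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(factory).build();
     CloseableHttpResponse response = client.execute(new HttpGet(URL))) {
    System.out.println("Got response: " + response.toString());
}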

If the Java keystore doesn't contain a valid certificate for validating the server, an SSLException will be thrown when executing the HTTP request.
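A pre-flight check for the trust store used above, as an added example (not code from the ImportEngine library): it lists each imported certificate with its expiry date and SHA-256 fingerprint and fails early on an empty store or an expired certificate, instead of waiting for the SSLException at request time. The class name TrustStoreCheck and its methods are hypothetical; keystore.jks and the password are the values from the snippet above, and the entries are assumed to be X.509 certificates.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {
    // Loads the keystore and rejects it if it cannot validate any server.
    static KeyStore loadAndAudit(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a wrong password or tampered file fails here
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue; // audit imported certificates only
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity(); // throws if expired or not yet valid
            System.out.printf("%s: %s, expires %s, SHA-256 %s%n", alias,
                    cert.getSubjectX500Principal().getName(), cert.getNotAfter(),
                    fingerprint(cert));
            trusted++;
        }
        if (trusted == 0) { // e.g. the empty keystore created with -genkey / -delete
            throw new IllegalStateException("no trusted certificate entries in " + path);
        }
        return ks;
    }

    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02X", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadAndAudit("keystore.jks", "secret_password".toCharArray());
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null); // same trust as loadTrustMaterial
        System.out.println("SSLContext ready: " + context.getProtocol());
    }
}
```

The printed fingerprints can be compared with the SHA256 values shown by keytool -list -v to confirm that the keystore holds the certificates that were meant to be imported.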