«

Hello -

I'm trying to write a simple Java client program that tries to establish a
connection with a webserver over HTTPS. The webserver requires 2-way
authentication, ie. the server authenticates itself to the server and
vice-versa. I have a client certificate in the form of a P7B file. The
server certificate is self-signed. I want to keep the client program as
simple as possible, as it will be used to debug contentious communications
issues.

Is it possible to do this simply using the HttpsURLConnection class? It
seems to have no way to import a certificate on the fly. It seems to require
the use of other classes such as KeyStore, which adds complexity and reduces
clarity.

Can anyone offer advice?

On Nov 28, 11:25 am, "Simon" <si...@dsdwerewrf.invalid.com> wrote:
> Hello -
>
> I'm trying to write a simple Java client program that tries to establish a
> connection with a webserver over HTTPS. The webserver requires 2-way
> authentication, ie. the server authenticates itself to the server and
> vice-versa. I have a client certificate in the form of a P7B file. The
> server certificate is self-signed. I want to keep the client program as
> simple as possible, as it will be used to debug contentious communications
> issues.
>
> Is it possible to do this simply using the HttpsURLConnection class? It
> seems to have no way to import a certificate on the fly. It seems to require
> the use of other classes such as KeyStore, which adds complexity and reduces
> clarity.
>
> Can anyone offer advice?

I have not used 2-way auth over HTTPS, but for 1-way I found Apache's
HTTPClient (http://jakarta.apache.org/httpcompon...ttpclient-3.x/
sslguide.html) to work very well. It might be worth a look..as it
could very well support 2-way auth.

-cheers,
Manish