Re: Using HTTPS in camel-http when remote side has self-signed cert

Fri, 16 Oct 2009 20:44:58 -0700 

Hi,
You can do some customer modification on the HttpClient through the CamelHttpClientConfigurer interface. 


public class AcceptSelfSignCertHttpClientConfigure implements 
HttpClientConfigurer {


    public void configureHttpClient(HttpClient client) {
        // register the customer SSLFactory
        ProtocolSocketFactory easy = new EasySSLProtocolSocketFactory();
        Protocol protocol = new Protocol("https", easy, 8443);
        Protocol.registerProtocol("https", protocol);

    }
}

And configure the configure through the HTTP endpoint URI.


If you has another http client configuration , you can use the 
CompositeHttpConfigurer[1] to hold these configuration.



[1] 
https://svn.apache.org/repos/asf/camel/trunk/components/camel-http/src/main/java/org/apache/camel/component/http/CompositeHttpConfigurer.java


Willem


Scott Parkerson wrote:

I'm trying to use Camel's HTTP component to send a POST request to a
web service using HTTPS. When I attempt to connect, I get the
following exception:

org.apache.camel.RuntimeCamelException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
        at 
org.apache.camel.util.ObjectHelper.wrapRuntimeCamelException(ObjectHelper.java:850)
        at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:138)
        at 
org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:101)
        at 
org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:105)
        at 
org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:121)
        at 
org.apache.camel.impl.DefaultProducerTemplate.requestBody(DefaultProducerTemplate.java:201)
[etc.]

I'm pretty sure that this is because the remote side is using a
self-signed certificate.

The question is: is there a good way to replace the behavior SSL
factory used by the Commons HTTPClient inside of the camel-http
component to make it accept self-signed certificates? I see that the
docs mention that you can provide a class that extends
CamelHttpClientConfigurer and configure the endpoint to use a
reference to that bean.

Ideas?

--sgp
cf. http://www.smerpology.org/

























					Reply via email to