@giner
Last active August 29, 2021 12:33
Java: Enable client side mTLS without modifying application
# Notes:
# - javax.net.ssl.trustStore replaces the JDK's default truststore (cacerts)
#   rather than extending it. Every TLS connection the app opens, mTLS or
#   not, is then validated against truststore.pkcs12 only, so connections to
#   servers whose chain does not end in a CA from that file will fail unless
#   you also import the public CA certificates you still need.
# - The CA certificate in truststore.pkcs12 is trusted by all TLS connections
#   initiated from the app, and the client certificate and key in
#   client.pkcs12 are presented to any server that asks for a client
#   certificate. Make sure you can fully trust this CA in your specific case,
#   and that this client identity may be shown to every peer the app talks to.
# - The default KeyManager (SunX509) unlocks private keys with the keystore
#   password, so the key entry in client.pkcs12 must use the same password as
#   the file itself; a key with a different password is silently ignored.
# - PKCS12 is the default store type since JDK 9. On older runtimes add
#   -Djavax.net.ssl.keyStoreType=PKCS12 and
#   -Djavax.net.ssl.trustStoreType=PKCS12 so the files are parsed correctly.
# - Passwords passed as -D options are visible to other local users through
#   ps and /proc/<pid>/cmdline. Prefer JDK_JAVA_OPTIONS or an @argfile with
#   restrictive permissions (both JDK 9+) over the plain command line.
# - Generation of the keystores is not a part of this snippet and can
#   easily be found on other resources.
#
# client.pkcs12 contains:
# - client certificate (with any intermediate certificates of its chain)
# - client private key
#
# truststore.pkcs12 contains:
# - CA certificate that the server certificates chain to
java -Djavax.net.ssl.keyStore=/path/to/client.pkcs12 \
     -Djavax.net.ssl.keyStorePassword="<keystorepass>" \
     -Djavax.net.ssl.trustStore=/path/to/truststore.pkcs12 \
     -Djavax.net.ssl.trustStorePassword="<truststorepass>" \
     -jar your-java-app.jar
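Because the four properties above silently decide which identity the app presents and which peers it will accept, it pays to check the stores before wiring them into the real application. The following pre-flight check is an added example, not part of the gist: it reads the same javax.net.ssl.* properties the JVM's default SSLContext uses, lists the private-key entries of the keystore (confirming each one opens with the keyStorePassword, as SunX509 requires), lists the trust anchors of the truststore, and then forces the default SSLContext to initialise so a wrong path or password fails here rather than on the first connection. The class name MtlsStoreCheck and the report format are assumptions of this example.

```java
// Added pre-flight check (not part of the gist). Run it with exactly the
// -D options you intend to give the application, e.g.
//   java -Djavax.net.ssl.keyStore=/path/to/client.pkcs12 \
//        -Djavax.net.ssl.keyStorePassword=... \
//        -Djavax.net.ssl.trustStore=/path/to/truststore.pkcs12 \
//        -Djavax.net.ssl.trustStorePassword=... MtlsStoreCheck
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;

public class MtlsStoreCheck {

    // Mirrors the JVM: store type falls back to the platform default
    // (PKCS12 on JDK 9+), a missing password is passed as null.
    static KeyStore load(String path, String type, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password != null ? password.toCharArray() : null);
        }
        return ks;
    }

    // Returns the number of key entries the SunX509 KeyManager could actually use.
    static int reportKeyStore(KeyStore ks, String password) throws Exception {
        int usable = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                System.out.println("  [skip] " + alias + ": no private key, will not be presented");
                continue;
            }
            // SunX509 unlocks every key with the keystore password; anything else is unusable.
            try {
                ks.getKey(alias, password != null ? password.toCharArray() : null);
            } catch (Exception ex) {
                System.out.println("  [warn] " + alias + ": key password differs from keyStorePassword");
                continue;
            }
            X509Certificate leaf = (X509Certificate) ks.getCertificate(alias);
            System.out.println("  [ok] " + alias + " subject=" + leaf.getSubjectX500Principal()
                    + " issuer=" + leaf.getIssuerX500Principal() + " notAfter=" + leaf.getNotAfter());
            usable++;
        }
        return usable;
    }

    // Returns the number of certificates the trust manager will accept as anchors.
    static int reportTrustStore(KeyStore ts) throws Exception {
        int anchors = 0;
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            Certificate c = ts.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // getBasicConstraints() == -1 means no CA flag: such an entry only matches
            // a server presenting that exact certificate, it anchors no issued chain.
            String role = x.getBasicConstraints() >= 0 ? "CA" : "end-entity (no CA flag)";
            System.out.println("  " + alias + ": " + role + " subject=" + x.getSubjectX500Principal()
                    + " notAfter=" + x.getNotAfter());
            anchors++;
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        String ksPath = System.getProperty("javax.net.ssl.keyStore");
        String tsPath = System.getProperty("javax.net.ssl.trustStore");
        if (ksPath == null || tsPath == null) {
            System.err.println("set -Djavax.net.ssl.keyStore and -Djavax.net.ssl.trustStore");
            System.exit(2);
        }
        String ksPass = System.getProperty("javax.net.ssl.keyStorePassword");
        String tsPass = System.getProperty("javax.net.ssl.trustStorePassword");

        System.out.println("Key store " + ksPath + " (client identity):");
        int keys = reportKeyStore(load(ksPath, System.getProperty("javax.net.ssl.keyStoreType"), ksPass), ksPass);
        if (keys == 0) System.out.println("  [warn] no usable private key: the client will present no certificate");

        System.out.println("Trust store " + tsPath + " (replaces the JDK cacerts):");
        int anchors = reportTrustStore(load(tsPath, System.getProperty("javax.net.ssl.trustStoreType"), tsPass));
        System.out.println("  " + anchors + " anchor(s); any server not chaining to one of them is rejected");

        // Builds the JDK's default SSLContext from the properties above; a bad
        // path, type or password surfaces here instead of on the first request.
        SSLContext.getDefault();
        System.out.println("Default SSLContext initialised from javax.net.ssl.* properties");
    }
}
```

A zero count from reportKeyStore means the application will complete the handshake without a client certificate and the server will typically reject it with a handshake failure, while a short list from reportTrustStore is the reminder that any public endpoint the app still calls needs its CA imported into truststore.pkcs12.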