This Gist is about using Client Certificates in Java when making HTTPS calls with plain Java code (java(x).net, no other frameworks) in a 2-way SSL context, that is: the Server trusts the Client's certificate and uses the Client's public key to establish the secure connection. The example is a runnable Java class for a Client that uses a Certificate to establish a Two Way SSL communication with a Server.
Disclaimer: this gist reflects my understanding and is not necessarily 100% accurate. Feedback is appreciated.
For this to work, the Client certificate has to be issued by a CA (Certification Authority) trusted by the Server, in the same way that the Client has to trust the CA of the Server. In Java, "trusting a CA" means having that CA stored in an encrypted file called a "trust store", which our code opens with a password through the security APIs provided by the JDK.
How to store those trust store passwords securely in our environments is another story.
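The following is an added example of that two-way setup with plain javax.net; it is not the Gist's own class. The client keystore holds our certificate and private key, the trust store holds the CA that signed the Server's certificate; the file names, the URL and the environment variable names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {

    // Hypothetical paths and URL; in practice they come from configuration.
    private static final String KEYSTORE_PATH = "client-keystore.p12";   // client cert + private key
    private static final String TRUSTSTORE_PATH = "truststore.p12";      // CA that signed the server cert
    private static final String SERVER_URL = "https://example.internal:8443/hello";

    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);   // wrong password fails here with an IOException
        }
        return ks;
    }

    static SSLContext buildContext(char[] keyStorePwd, char[] trustStorePwd) throws Exception {
        // KeyManager presents our client certificate when the server requests one.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadStore(KEYSTORE_PATH, keyStorePwd), keyStorePwd);

        // TrustManager checks that the server's certificate chains to a CA in our trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(TRUSTSTORE_PATH, trustStorePwd));

        SSLContext ctx = SSLContext.getInstance("TLS");   // highest TLS version the JDK supports
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Passwords are read from the environment (assumed variable names), never hard-coded.
        char[] ksPwd = System.getenv("CLIENT_KEYSTORE_PASSWORD").toCharArray();
        char[] tsPwd = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();

        HttpsURLConnection conn = (HttpsURLConnection) new URL(SERVER_URL).openConnection();
        conn.setSSLSocketFactory(buildContext(ksPwd, tsPwd).getSocketFactory());
        // The default hostname verifier stays in place; the handshake fails if either side distrusts the other.
        System.out.println("HTTP status: " + conn.getResponseCode());
        System.out.println("Cipher suite: " + conn.getCipherSuite());
    }
}
```

If the Server does not trust our CA, the failure surfaces as an SSLHandshakeException on getResponseCode(), not as an HTTP error status.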