How to make 'simple SSL' thru Web Services?

Question

I know how to secure Web Services using certificates. that\'s my client code:

  SSLContext ssl = SSLContext.getInstance(\"SSLv3\");
  KeyManagerFactory kmf =         


        

Answer 1

You can control if the https server requires client certificates in this way:

HttpsConfigurator cfg = new HttpsConfigurator(sslCtx){
  public void configure(HttpsParameters params) {
        SSLParameters sslparams = getSSLContext().getDefaultSSLParameters();

        // Modify the default params:
        // Using this, server will require client certs
        //sslparams.setNeedClientAuth(true);

        // Using this, server will request client certs. But if not available,
        // it will continue anyway.
        sslparams.setWantClientAuth(true);

        params.setSSLParameters(sslparams);
  }
};
HttpsServer httpsS = HttpsServer.create(new InetSocketAddress(8081), 50);
httpsS.setHttpsConfigurator(cfg);

If client certs are not required, clients can connect without client certificate, so simple calling https will work.

In my blog you can see example of client for how to bypass the server certificate and hostname validation (although not recommended, useful e.g. for testing) http://jakubneubauer.wordpress.com/2011/09/06/java-webservice-over-ssl/