LIGHT

  • News
  • Docs
  • Community
  • Reddit
  • GitHub
Star

Public HTTPS

When using our Http2Client to communication with public API with CA-signed certificates, we have to find a way to download the certificate from the site and put it into our client.truststore file in order to establish TLS connection to the site if you cannot get the certificate from the right channel.

There are multiple options to do that, and the simple one is from the browser; however, the certificate downloaded from the browser might not be completed as we need the entire chain to verify the certificate during the handshake.

Here is a command line to do that.

openssl s_client -showcerts -connect us-east-1.online.tableau.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >tableau.pem

Once you have downloaded the certificate, you can test it with wget command line.

wget https:/us-east-1.online.tableau.com --ca-certificate=tableau.pem

Now you can import it into the client.truststore file.

keytool -v -import -file tableau.pem -alias tableaucrt -keystore client.truststore 

For other keytool commands and options, please refer to keytool document.

After the client.truststore is modified, you need to use Http2Client to access the target server. There are numeric examples that can be found in light-example-4j/client and all the test cases.

Please note that you need to set the host header for all the requests to HTTP/1.1 servers.

request.getRequestHeaders().put(Headers.HOST, "localhost");

To see the demo application source code which accesses tableau server, please refer to https://github.com/networknt/light-example-4j/tree/master/client/tableau

For debugging your TLS connection, please refer to Debugging SSL/TLS Connections

Please note that download client certificate might not work all the time as the server might be behind a proxy which has its certificate and the proxy is set up as TLS passthrough. In that case, the certificate downloaded is for the proxy server and the real server will reject your certificate during the handshake. This happens with most Kubernetes cluster or OpenShift cluster.

  • About Light
    • Overview
    • Testimonials
    • What is Light
    • Features
    • Principles
    • Benefits
    • Roadmap
    • Community
    • Articles
    • Videos
    • License
  • Getting Started
    • Get Started Overview
    • Environment
    • Light Codegen Tool
    • Light Rest 4j
    • Light Tram 4j
    • Light Graphql 4j
    • Light Hybrid 4j
    • Light Eventuate 4j
    • Light Oauth2
    • Light Portal Service
    • Light Proxy Server
    • Light Router Server
    • Light Config Server
    • Light Saga 4j
    • Light Session 4j
    • Webserver
    • Websocket
    • Spring Boot Servlet
  • Architecture
    • Architecture Overview
    • API Category
    • API Gateway
    • Architecture Patterns
    • CQRS
    • Eco System
    • Event Sourcing
    • Fail Fast vs Fail Slow
    • Integration Patterns
    • JavaEE declining
    • Key Distribution
    • Microservices Architecture
    • Microservices Monitoring
    • Microservices Security
    • Microservices Traceability
    • Modular Monolith
    • Platform Ecosystem
    • Plugin Architecture
    • Scalability and Performance
    • Serverless
    • Service Collaboration
    • Service Mesh
    • SOA
    • Spring is bloated
    • Stages of API Adoption
    • Transaction Management
    • Microservices Cross-cutting Concerns Options
    • Service Mesh Plus
    • Service Discovery
  • Design
    • Design Overview
    • Design First vs Code First
    • Desgin Pattern
    • Service Evolution
    • Consumer Contract and Consumer Driven Contract
    • Handling Partial Failure
    • Idempotency
    • Server Life Cycle
    • Environment Segregation
    • Database
    • Decomposition Patterns
    • Http2
    • Test Driven
    • Multi-Tenancy
    • Why check token expiration
    • WebServices to Microservices
  • Cross-Cutting Concerns
    • Concerns Overview
  • API Styles
    • Light-4j for absolute performance
    • Style Overview
    • Distributed session on IMDG
    • Hybrid Serverless Modularized Monolithic
    • Kafka - Event Sourcing and CQRS
    • REST - Representational state transfer
    • Web Server with Light
    • Websocket with Light
    • Spring Boot Integration
    • Single Page Application
    • GraphQL - A query language for your API
    • Light IBM MQ
    • Light AWS Lambda
    • Chaos Monkey
  • Infrastructure Services
    • Service Overview
    • Light Proxy
    • Light Mesh
    • Light Router
    • Light Portal
    • Messaging Infrastructure
    • Centralized Logging
    • COVID-19
    • Light OAuth2
    • Metrics and Alerts
    • Config Server
    • Tokenization
    • Light Controller
  • Tool Chain
    • Tool Chain Overview
  • Utility Library
  • Service Consumer
    • Service Consumer
  • Development
    • Development Overview
  • Deployment
    • Deployment Overview
    • Frontend Backend
    • Linux Service
    • Windows Service
    • Install Eventuate on Windows
    • Secure API
    • Client vs light-router
    • Memory Limit
    • Deploy to Kubernetes
  • Benchmark
    • Benchmark Overview
  • Tutorial
    • Tutorial Overview
  • Troubleshooting
    • Troubleshoot
  • FAQ
    • FAQ Overview
  • Milestones
  • Contribute
    • Contribute to Light
    • Development
    • Documentation
    • Example
    • Tutorial
“Public HTTPS” was last updated: April 2, 2019: fixes #62 add Chinese language for the document site (5c820aa)
Improve this page
  • News
  • Docs
  • Community
  • Reddit
  • GitHub
  • About Light
  • Getting Started
  • Architecture
  • Design
  • Cross-Cutting Concerns
  • API Styles
  • Infrastructure Services
  • Tool Chain
  • Utility Library
  • Service Consumer
  • Development
  • Deployment
  • Benchmark
  • Tutorial
  • Troubleshooting
  • FAQ
  • Milestones
  • Contribute