I wonder if I am able to make a connection using curl like the following command,
curl --cacert some.pem https://someurl.com/resource
How do I convert this to httpclient code? I understand I need to convert the pem file and create a new keystore, etc. But all these openssl, keytool commands, keystore, truststore confuse me, I don't know which one to use and in which order.
You need to create a keystore (which you'll use as a trust store) from the PEM file. This can be done as follows.
You then need to use this keystore as a truststore.
If you wish to do this for a specific connection only, you should follow this answer.
If you want to do this for all connections in your application (or at least those that don't change the default), you can use the javax.net.ssl.trustStore (and related) system properties (see the Customization section of the JSSE Reference Guide). The problem if you want to do this for your entire application is that default trusted CAs won't be included. An easy way around this is to make a copy of the cacerts file bundled with your JRE and use it as a starting point for truststore.jks. Alternatively, you can import the certificate directly into the global cacerts file, but this will make that certificate trusted by default on all applications running on this JRE. (You can also find more about the distinction between keystore and truststore in this answer.)