Wednesday, October 21, 2015

Using curl with SSL cert chain

You can use the --insecure option to curl without SSL checks

curl --insecure -u user:passwd -X GET -H 'Content-Type: application/json' "https//somesecureserver.com/rest/field"


But what if you WANT to use SSL? The curl docs mentions the --cacert option, but its still a little unclear on how to do this.

First you'll need to get the entire certificate path to the https server. You need the entire path because curl does not come with any CA cert info. The cacert option also requires the cert in pem format. Lastly the entire certificate chain should be in 1 file, since the cacert option accepts only 1 file.

1. Get the all the certs from a browser

Get this by clicking on the Lock or Green portion from the address bar


Click on the Connection tab and then "Certificate Information"
Click on the Details tab. Here you can Copy this to a file.
Select the DER encoded binary x.509(.cer) option


Do this for all the entries that show up  in the Certificate Path tab (there will be around 3)


2. Convert the .cer files to PEM format with openssl:

openssl x509 -inform DES -in file1.cer -out file1.pem -text
openssl x509 -inform DES -in file2.cer -out file2.pem -text
openssl x509 -inform DES -in file3.cer -out file3.pem -text

3. Now append all these pem files into one repo

cat *.pem > certRepo

Now you can use the certRepo to connect via SSL

curl --cacert certRepo -u user:passwd -X GET -H 'Content-Type: application/json' "https//somesecureserver.com/rest/field"
Posted by at 8 comments:

Thursday, March 19, 2015

Load properties into a guava ImmutableMap with Spring

Create your props file (here called secret-identities.properties):


Clark\ Kent = Superman
Bruce\ Wayne = Batman
Kit\ Walker = The Phantom

Note that by definition keys in .properties files cannot contain spaces.  So you must escape them with a '\'

In your Spring configuration:

<bean id="mapProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="ignoreResourceNotFound" value="true"/>
    <property name="fileEncoding" value="UTF-8"/>
    <property name="locations">
        <list>
            <value>classpath:secret-identites.properties</value>
        </list>
    </property>
</bean>

<bean id="secretIdentityMap" class="com.google.common.collect.ImmutableMap" factory-method="copyOf">
    <constructor-arg ref="mapProperties"/>
</bean>


Now you can get a fully injected ImmutableMap in your code:

@Autowired
private ImmutableMap<String, String> secretIdentityMap;

Thanks to Stackoverflow for inspiration!
Posted by at No comments:
Subscribe to: Posts (Atom)