For Jersey Client (or any Java web client for that matter) to connect to an SSL endpoint, the target server certificate must be `jssecacerts` files into your JRE truststore at `$JAVA_HOME\jre\lib\security`. This is painful if you don’t have access to infrastructure, or don’t want to patch/update your server/base Docker container every time your SSL certificate changes. I will show you a more elegant solution for JerseyClient/Dropwizard JerseyClient, where the certificate is loaded from file during runtime and doesn’t need to live in the JRE.

- Extract server certificate in JSSE format - Mkyong has a very good tutorial on extracting server certificate into jssecacerts using InstallCert.
- Once you have the `jssecacerts` file, put it inside your application’s
- For a vanilla Jersey Client, you can enable HTTPS following this answer and referenced links.
- Dropwizard JerseyClient is built using its own `JerseyClientBuilder`, which you need to conform to. The answer can be found in `JerseyClientBuilderTest`. Simply replace the default `SSLSocketConnectionFactory` with one initialised using your `jssecacerts` TrustStore. A gist is worth a thousand words:
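
The steps above, sketched as an added example (this is not the author's gist or Dropwizard's own code): it loads the truststore from the classpath at runtime and registers an HTTPS socket factory built from it, leaving hostname verification on. Assumptions: the class name `TrustStoreClientFactory`, the classpath location `/jssecacerts`, the password `changeit`, the client name, and a Dropwizard release that uses the `javax.ws.rs` namespace with Apache HttpClient 4.x, where the socket factory class is `SSLConnectionSocketFactory`.

```java
import io.dropwizard.client.JerseyClientBuilder;
import io.dropwizard.client.JerseyClientConfiguration;
import io.dropwizard.setup.Environment;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

public final class TrustStoreClientFactory {
    // Assumed values: adjust to wherever the jssecacerts file is packaged and its real password.
    private static final String TRUSTSTORE = "/jssecacerts";
    private static final char[] PASSWORD = "changeit".toCharArray();

    /** Builds an SSLContext that trusts only the certificates in the bundled truststore. */
    static SSLContext sslContext() throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = TrustStoreClientFactory.class.getResourceAsStream(TRUSTSTORE)) {
            if (in == null) {
                // Fail closed: never fall back silently to a different trust configuration.
                throw new IllegalStateException("Truststore not found on classpath: " + TRUSTSTORE);
            }
            trustStore.load(in, PASSWORD);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material, default SecureRandom
        return ctx;
    }

    /** Dropwizard client whose "https" socket factory uses the truststore above. */
    static Client build(Environment env, JerseyClientConfiguration config) throws Exception {
        // No HostnameVerifier is passed, so HttpClient's default hostname verification stays enabled.
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", new SSLConnectionSocketFactory(sslContext()))
                .build();
        return new JerseyClientBuilder(env).using(config).using(registry).build("truststore-client");
    }
}
```

For a vanilla Jersey client the same context can be passed through the standard JAX-RS builder: `ClientBuilder.newBuilder().sslContext(sslContext()).build()`.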