Forum Discussion
CirrostratusF5 HTTP API Request
CirrostratusMike757yes, I have an issue with HTTPS connection to the API through java, as I am getting SSL error even after importing the certificate.
I am checking if there is an option to connect to the API without encrypted communication(with HTTP)
- Mike757
Cirrocumulus
Hey, srinidhi12
I saw another user (TimRiker) helping you on the other post, and I'm inclined to repeat his answer: if you're using a self-signed certificate, you have to add that very certificate to Java's trust store. If you're using a certificate signed by a private CA, you need to add the root (and possibly the rest of the chain) to the trust store.
See if this link will help, and if you imported the management certificate in this way: https://connect2id.com/blog/importing-ca-root-cert-into-jvm-trust-store
I would also recommend that you verify the certificate you're receiving from F5 is the one you're expecting. You can do that with a traffic capture on your java client machine, or in F5 itself with:
# tcpdump -nni mgmt host <IP of java client> -s 0 -w <filename>
This assumes you're connecting to the management interface, normally called "mgmt"; you can confirm that with "ifconfig". Break the tcpdump with Ctrl-C, and then download the file with SCP, open in wireshark, confirm SSL handshake includes what you expected.
/Mike
- srinidhi12
Hi, thanks for the response.
I have imported the device certificate in my Java keystore.
Just wanted to know if only the certificate is enough or do I need "key" to access the server from java.
Thanks!
