Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RestTemplate doesn't load certs from truststore and fails on https calls [SPR-17204] #21737

spring-projects-issues opened this issue Aug 22, 2018 · 3 comments
in: web Issues in web modules (web, webmvc, webflux, websocket) status: invalid An issue that we don't feel is valid


Copy link

spring-projects-issues commented Aug 22, 2018

venkata opened SPR-17204 and commented

I have been trying make https calls internally. I can standard HttpsURLConnection and it would load the certs for default jre/lib/security and make the call successfully. But if I use RestTemplate it would fail even when give pass the truststore details as jvm arguments to the boot application.


I tried switching to okhttpclient request factory and passed a client to it and it still fails but succeeds when using only OkHttpClient instead of RestTemplate. notice that I use the same client instance.

OkHttpClient client = new OkHttpClient.Builder()
.authenticator(new Authenticator() {
@Override public Request authenticate(Route route, Response response) throws IOException {
if (response.request().header("Authorization") != null) {
return null; // Give up, we've already attempted to authenticate.

	              System.out.println("Authenticating for response: " + response);
	              System.out.println("Challenges: " + response.challenges());
	              String credential = Credentials.basic("foo", "bar");
	              return response.request().newBuilder()
	                  .header("Authorization", credential)
	Request request = new Request.Builder().url("https://someurl").build();
	try (Response response = client.newCall(request).execute()) {
	      if (!response.isSuccessful()) throw new IOException("Unexpected code " + response);


RestTemplate restTemplate = new RestTemplate(new OkHttp3ClientHttpRequestFactory(client));

String response = restTemplate.getForObject( "https://someurl",




Affects: 5.0.8

Copy link
Collaborator Author

spring-projects-issues commented Aug 23, 2018

Brian Clozel commented

Please use StackOverflow for questions. The Spring team is monitoring tags there.

Given your issue description, there's no evidence of a bug in Spring Framework. Also, please add more information to your question: logs, is the server certificate self-signed, which client factory RestTemplate is using in that case, Spring Framework version, HTTP logs, etc.

Copy link
Collaborator Author

spring-projects-issues commented Aug 27, 2018

venkata commented

Firstly, I wouldn't gone lengths to post here. If stackoverflow had the answer. The stackoverflow answers refer to using Apache http library. While spring simple client request factory relies on standard Java. If I write a standard java connection it loads up cacerts by default from jre/lib/security but when I use rest template it doesn't. I really don't understand how much more detailed I have to be in this case, I could be wrong in case there is a spring config that will tell me how to point to the certs file.

HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
// connection.setDoOutput(true);
// connection.setRequestMethod("GET");
// String encoded = Base64Utils.encodeToString(("blah" + ":" + "blah").getBytes(StandardCharsets.UTF_8)); // Java
// // 8
// connection.setRequestProperty("Authorization", "Basic " + encoded);
//// connection.setRequestProperty("Authorization", "Basic "+encoded); connection.setRequestProperty("Accept", "application/json");
// BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
// String inputLine;
// StringBuffer content = new StringBuffer();
// while ((inputLine = in.readLine()) != null) {
// content.append(inputLine);
// }
// in.close();

Copy link
Collaborator Author

spring-projects-issues commented Aug 27, 2018

Brian Clozel commented

I'd like to provide help here, but I don't have enough information to reproduce this issue (I've asked for a few pieces of information in my previous comment). StackOverflow is still the best place for Q&A. If your problem is still not solved, rewriting your question or coming up with a minimal sample application should help.

@spring-projects-issues spring-projects-issues added type: bug A general bug status: invalid An issue that we don't feel is valid in: web Issues in web modules (web, webmvc, webflux, websocket) and removed type: bug A general bug labels Jan 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
in: web Issues in web modules (web, webmvc, webflux, websocket) status: invalid An issue that we don't feel is valid
None yet

No branches or pull requests

1 participant