How can I authenticate a Ribbon load balancer and Zuul proxy using a certificate?

Question

I have a Spring application, that acts as an authentication proxy for two backend servers. A user will access the Spring application and be forwarded to the backend once he is successfully authenticated. To prevent unwanted access without prior authentication the backend servers require a certificate as authentication.

My Spring application uses Netflix-Ribbon as a load balancer and Netflix-Zuul as a Proxy for the users requests. How can I configure them to use the client certificate that is required for the authentication on the backend servers?

score 1 · Accepted Answer · answered Jul 28 '20 at 12:22

Ok, I figured it out. You can configure your own CloasableHttpClient as a @Bean and create a custom SSL context. You can provide a certificate to a server through .loadKeyMaterial(). Zuul will then use these settings.

@Configuration
public class HttpClientConfig {

    @Bean
    public CloseableHttpClient httpClient() throws Throwable {

        String keyPassphrase = "yourCertificatePassword";

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream("Path/to/your/clientCert.pfx"), keyPassphrase.toCharArray());

        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyPassphrase.toCharArray())
                .build();

        return HttpClients.custom()
                .setSSLContext(sslContext)
                .build();
    }
}

How can I authenticate a Ribbon load balancer and Zuul proxy using a certificate?

1 Answers1