"CertificateRequest" is not happening when when client auth is enabled in Spring-Boot Application?

Question

I'm using two spring boot applications as a server and client. I configured two way SSL as below.

Server application.properties file:

server.port=8081
sever.ssl.enabled=true
sever.ssl.client-auth=need
server.ssl.key-store=classpath:server.jks
server.ssl.key-store-password=*******
server.ssl.key-alias=server
server.ssl.key-store-type=JKS
server.ssl.key-store-provider=SUN
server.ssl.trust-store=classpath:server.jks
server.ssl.trust-store-password=*******
server.ssl.trust-store-type=JKS

Client application.properties file:

server.port=8080
server.ssl.enabled=true
server.ssl.client-auth=want
server.ssl.key-store=classpath:client.jks
server.ssl.key-store-password=*******
server.ssl.key-alias=client
server.ssl.key-store-type=JKS
server.ssl.key-store-provider=SUN
server.ssl.trust-store=classpath:client.jks
server.ssl.trust-store-password=*******
server.ssl.trust-store-type=JKS

On the client-side, I implemented RestTemplate as well. I added client cert and server cert in respective Keystore as trust entry.

When I check the SSL handshake logs in server, I couldn't find *** CertificateRequest? Instead one-way SSL is happening.

Am I missing any configuration for Two way SSL? How can I make two-way SSL between server-client in spring boot application?

Answer 1

It looks like server is configured properly, but the client isn't. The client you are using uses apache http client behind the scene's. You need to correctly configure that one. Similar question has been asked and also answered here: How to call secured rest api using .pfx certificate & password in spring boot rest template?

Basically what you need to do is create a sslContext with the keystore/truststore and supply it to the apache http client and inject that into the resttemplate