Comments (14)
The only documentation I have found is in the MicroProfile Rest Client documentation.
- https://download.eclipse.org/microprofile/microprofile-rest-client-2.0/microprofile-rest-client-spec-2.0.html#_trust_store
- https://download.eclipse.org/microprofile/microprofile-rest-client-2.0/microprofile-rest-client-spec-2.0.html#_key_store
Should probably be configured as follows (#22293 (comment) and https://quarkus.io/blog/quarkus-mutual-tls/#configure-microprofile-rest-client-for-mutual-tls):
# truststore config
org.acme.client.mtls.GreetingService/mp-rest/trustStore=classpath:/META-INF/resources/client.truststore.p12
org.acme.client.mtls.GreetingService/mp-rest/trustStoreType=PKCS12 # or JKS
org.acme.client.mtls.GreetingService/mp-rest/trustStorePassword=password
# keystore config
org.acme.client.mtls.GreetingService/mp-rest/keyStore=classpath:/META-INF/resources/client.keystore.p12
org.acme.client.mtls.GreetingService/mp-rest/keyStoreType=PKCS12 # or JKS
org.acme.client.mtls.GreetingService/mp-rest/keyStorePassword=password
from quarkus.
As an alternative you could use the vert.x web client: https://quarkus.io/guides/vertx#using-vert-x-clients
WebClientOptions options = new WebClientOptions()
.setSsl(true)
.setPemKeyCertOptions(new PemKeyCertOptions()
.addCertPath("path/to/cert.pem")
.setKeyPath("path/to/key.pem"))
.setTrustOptions(new PemTrustOptions()
.addCertPath("path/to/cert.pem"));
WebClient client = WebClient.create(vertx, options);
from quarkus.
Let's wait until the new mechanism is in place before adding anything, or I will have to change it in a few weeks.
from quarkus.
/cc @cescoffier (rest-client), @geoand (rest-client), @radcortez (config)
from quarkus.
The configuration is likely going to change (the current one will still be working) following the TLS config centralization work.
from quarkus.
Hi @cescoffier
But where is the current doc?
from quarkus.
@leaqui https://quarkus.io/guides/security-authentication-mechanisms#mutual-tls
from quarkus.
but this is for client-side?
from quarkus.
You are right, my fault.
from quarkus.
Also, properties are listed at: https://es.quarkus.io/guides/all-config#quarkus-rest-client-config_quarkus-rest-client-config-rest-clients-config
But I think lost MTLS configuration doc (or a link to) at REST client guide is useful.
from quarkus.
Do you remember anything from the docs contents so we can look through the git history?
from quarkus.
I'm sure it was at https://quarkus.io/guides/rest-client but I can't find it at history.
I think the section title was something like Mutual - TLS
The section had a configuration block with properties like:
quarkus.rest-client.config-key.trust-store
quarkus.rest-client.config-key.trust-store-password
quarkus.rest-client.config-key.key-store
quarkus.rest-client.config-key.key-store-password
Similar to https://es.quarkus.io/guides/security-openid-connect-client-reference#mutual-tls
from quarkus.
I had no luck in locating it unfortunately
from quarkus.
No matter, I think adding something like https://es.quarkus.io/guides/security-openid-connect-client-reference#mutual-tls would be fine.
from quarkus.
Related Issues (20)
- Build Error after bump jandex-maven-plugin version from 3.1.8 to 3.2.0 HOT 2
- [PROPOSAL] Add Teradata database support HOT 2
- Is Quarkus supposed to be supported by AWS CDK ? HOT 7
- Micrometer-Microprofile adapter checks annotations in abstract classes HOT 1
- Promoting a Quarkus app with resource limits in the deployment-config leads to request queuing and thread blocks, impairing functionality. Without limits, the app performs well. HOT 1
- Owerride configuration properties from smallrye.config.locations HOT 1
- Podman guide for Linux is incorrect HOT 1
- JUnit TestTemplate tests are not re-run on code change in dev mode
- Increased augmentation times in Quarkus 3.8.4 HOT 19
- Enable the JDBC instrumentation without additional property
- During IT: Redis host not configured HOT 4
- Behavior unexpected sending bytes compressed with gzip setting property 'resteasy.gzip.max.input' HOT 5
- Support for `@InjectMock EntityManager` HOT 6
- Regression in 3.11.0: jpamodelgen WITH ECLIPSE COMPILER does not run and logs a warning: "Both Quarkus Hibernate ORM and Hibernate Reactive with Panache detected: this is not supported, so will proceed as if none were there" HOT 23
- Since 3.10.1 RequestContext handling is broken on request cancle HOT 12
- JDBC Driver - Microsoft SQL Server extension doesn't work in FIPS-enabled environment with OpenJDK 17 and RHEL8 but works with OpenJDK 21 HOT 1
- dynamic default index page has bad behavior when access from non localhost
- dynamic default page can't handle I add a index.html file HOT 1
- Runtime java.lang.NoClassDefFoundError: io/quarkus/deployment/builditem/RunTimeConfigurationSourceValueBuildItem After Migrating to Quarkus 3.9.2 HOT 4
- RestEasy reactive: Cannot use method with same name but different parameters HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from quarkus.