WebClient TLS configuration

WebClient TLS configuration: Configure TLS either programmatically or by the Helidon configuration framework.

Configuring TLS in your code

The one way to configure TLS in WebClient is in your application code.

KeyConfig keyConfig = KeyConfig.keystoreBuilder()
                //Whether this keystore is also trust store
                .trustStore()
                //Keystore location/name
                .keystore(Resource.create("client.p12"))
                //Password to the keystore
                .keystorePassphrase("password")
                .build();

WebClient.builder()
         .tls(WebClientTls.builder()
               .certificateTrustStore(keyConfig)
               .clientKeyStore(keyConfig)
               .build())
         .build();

Copied

Configuring TLS in the config file

It is also possible to configure TLS via the config file.

WebClient TLS configuration file application.yaml

webclient:
  tls:
    #Server part defines settings for server certificate validation and truststore
    server:
      keystore:
        passphrase: "password"
        trust-store: true
        resource:
          resource-path: "keystore.p12"
    #Client part defines access to the keystore with client private key or certificate
    client:
      keystore:
        passphrase: "password"
        resource:
          resource-path: "keystore.p12"

Copied

Then, in your application code, load the configuration from that file.

WebClient initialization using the application.yaml file located on the classpath

Config config = Config.create();
WebClient webClient = WebClient.create(config.get("webclient"));

Copied

Or you can only create WebClientTls instance based on the config file.

WebClientTls instance based on application.yaml file located on the classpath

Config config = Config.create();
WebClientTls.builder()
    .config(config.get("webclient.tls"))
    .build();

Copied

Configuration options

See all configuration options here.

Available server certificate configuration options:

Configuration key	Default value	Java type	Description
`disable-hostname-verification`	false	boolean	Whether hostname verification should be performed
`trust-all`	false	boolean	Whether all of the server certificates should be trusted
`keystore`		Object	Keystore configuration, please follow the example above

Available client configuration options:

Configuration key	Default value	Java type	Description
`keystore`		Object	Keystore configuration, please follow the example above