Here, Experienced Java Application Development team describes all about setting up your mutual TLS client code (Java HTTPS client certificate authentication), which will communicate to your server with HTTPS protected with the certificate.
Please watch this video to learn more about the details with codebase uploaded to Git.
Client certificate authentication can only be enforced by the server. (When the server requests a client certificate (as part of the TLS handshake), it will likewise give a rundown of trusted CA's like a feature of the cert request). The CA root cert should be imported into a Java TrustStore (cacerts).
The client TS is a straightforward JKS design document containing the root or intermediate CA certs. These CA certs will figure out which endpoints you will be permitted to speak with, for this situation it will permit your client to interface with whichever server presents a certificate that was signed by one of the TS's CA's.
We can use the Java keystool command-line utility to import example.ca.crt into a new Java TrustStore but here what we have done is instead of the command line, We can Programmatically Import CA trust cert into the existing trust store file without using keytool and here I have used Keystore API from Java itself.
We can create a KS (Keystore) instance using the getInstance() method. Then we have to initialize the Keystore. We use the load method here. To create a new Keystore, we have to pass null as the first parameter. To access the Keystore, a password is being provided.
Note: All the codes I have explained here, you can find in the Gitlab path below: