[akka-http] Configuring HTTPS with a trusted certificate chain


Julian Michael

Nov 10, 2016, 3:50:08 AM
to Akka User List
Hi akka-user,

I'm trying to host a simple server that uses HTTPS. I'm having exactly the same problem as pointed out in this issue,
where Chrome responds with ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
It worked when I used a self-signed certificate (while Chrome complained that the cert wasn't trusted, I could go through and view the page),
but now that I'm using a proper trusted certificate chain it's not working.
This leads me to think there's something wrong with my keystore, but I don't know where to start in diagnosing that.

Adding the -Djavax.net.debug=all flag to my build.sbt didn't cause anything to be printed,
but I tried openssl s_client -connect <domain>:<port> and the output was as follows.

CONNECTED(00000003)
140735126758224:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1478765759
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


I don't know much about web protocols and don't really understand this output.

Any idea what the problem might be and how I can fix it?


Thank you!

Julian

johannes...@lightbend.com

Nov 10, 2016, 10:44:39 AM
to Akka User List
Hi Julian,

can you post more information about your code and what happens exactly when you run it? What kind of key material do you have and how do you load it? Are you using akka-http on the client side or on the server side?

Johannes

Julian Michael

Nov 10, 2016, 9:46:55 PM
to Akka User List
Hi Johannes,

Actually, I figured it out: embarrassingly, I had forgotten to import my private key into the Java keystore. Once I did that everything worked.. sorry to bother you! If only I had a type system that could have warned me about it ahead of time, ha ha..

Best,
Julian
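
Added example, not part of the thread or of akka-http: the cause Julian reports (a keystore without its private key) can be caught before the server starts by checking that `keytool -list` reports a PrivateKeyEntry. The sample listings are constructed, and `server.jks`, the aliases and the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify `keytool -list` output to confirm the keystore
# holds a private key. A TLS server needs a PrivateKeyEntry (key plus its
# certificate chain); trustedCertEntry items alone give it nothing to present.

# Constructed sample: only the CA certificates were imported.
sample_certs_only() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

intermediate, Nov 10, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
root, Nov 10, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
EOF
}

# Constructed sample: the server key and chain were imported as well.
sample_with_key() {
cat <<'EOF'
Your keystore contains 2 entries

root, Nov 10, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
server, Nov 10, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
EOF
}

# Reads `keytool -list` output on stdin, prints a one-line verdict and
# returns 0 only if at least one PrivateKeyEntry is present.
check_keystore_listing() {
    awk '
        /, PrivateKeyEntry, *$/  { keys++; sub(/,.*/, ""); names = names " " $0 }
        /, trustedCertEntry, *$/ { certs++ }
        END {
            if (keys > 0) {
                printf "OK: %d PrivateKeyEntry:%s; %d trustedCertEntry\n", keys, names, certs
                exit 0
            }
            printf "FAIL: no PrivateKeyEntry; %d trustedCertEntry\n", certs
            exit 1
        }'
}

# Real use (server.jks is a hypothetical path):
#   keytool -list -keystore server.jks | check_keystore_listing
sample_certs_only | check_keystore_listing || echo "-> import the private key"
sample_with_key   | check_keystore_listing
```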