Https on Dropwizard - Unable to retrieve certificate chain for CA certificate


siddheshwar narke

Dec 14, 2015, 10:47:16 AM
to dropwizard-user
Hi,

I am using the configuration below in yml. With validateCert = false and a self-signed certificate I am able to start the Dropwizard application.

keyStorePath: ./src/config/sample.keystore
keyStorePassword: *****
keyStoreType: JCEKS
certAlias: test
trustStorePath: ./src/config/sample.truststore
needClientAuth: false
validateCerts: true

I have bundled the CA certificates into a single file and imported it into the keystore, but with that the Dropwizard application does not start up.

I used the command below to bundle the chained certificate.
copy application.crt + TrustedSecureCertificateAuthority5.crt + USERTrustRSAAddTrustCA.crt + AddTrustExternalCARoot.crt test.crt

Please let me know if there is an issue in Dropwizard or in the way I am importing the keystore.

Thanks,
Siddheshwar

siddheshwar narke

Dec 16, 2015, 3:33:57 PM
to dropwizard-user
This issue is fixed now.

Steps followed - 
1. Created a bundle certificate for the chained certificates. The bundle certificate looks like the below (name it bundle.crt):
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQSNxNfTY43
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQSNxNfTY43
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIQSNxNfTY43
-----END CERTIFICATE-----

2. Convert the bundle certificate to pkcs12 format using openssl (output file keystore.p12):
    openssl pkcs12 -export -in bundle.crt -inkey privateKey -out keystore.p12 -CAfile AddTrustExternalCARoot.crt
    Here privateKey is the key which is generated while creating the Certificate Signing Request.


3. Import the pkcs12 into the keystore.
   keytool -importkeystore -srckeystore keystore.p12 -destkeystore Mykeystore.keystore -srcstoretype pkcs12 -deststoretype jceks

4. Just import your domain certificate into the truststore. No need to import the bundle into the truststore.
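
An added example, not part of the original thread: two shell checks for the procedure above, one confirming that a PEM bundle is ordered leaf first and root last, the other counting the certificates that ended up in the PKCS#12 file. The function names and the P12_PASS variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example; file names are whatever you pass in. POSIX sh has no local
# variables, so the functions below use plain (global) shell variables.

# bundle_order_ok BUNDLE
# Succeeds when every certificate in the PEM bundle was issued by the one that
# follows it (leaf first, root last). It compares name hashes only and does
# not verify signatures or expiry dates.
bundle_order_ok() {
    tmp=$(mktemp -d) || return 2
    # Split into one file per certificate: cert-001.pem, cert-002.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%03d.pem", dir, ++n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    status=0; prev_issuer=""; seen=0
    for f in "$tmp"/cert-*.pem; do
        [ -f "$f" ] || break
        seen=$((seen + 1))
        subject=$(openssl x509 -noout -subject_hash -in "$f") || { status=2; break; }
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
            echo "certificate $((seen - 1)) was not issued by certificate $seen" >&2
            status=1
        fi
        prev_issuer=$(openssl x509 -noout -issuer_hash -in "$f")
    done
    [ "$seen" -gt 0 ] || status=2   # no certificate found in the file
    rm -rf "$tmp"
    return "$status"
}

# p12_cert_count FILE
# Prints the number of certificates stored in a PKCS#12 file. The password is
# read from the exported variable P12_PASS (an assumed name) so that it does
# not show up in the process list.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c -- '-----BEGIN CERTIFICATE-----'
}
```

Run bundle_order_ok on bundle.crt before step 2 and p12_cert_count on keystore.p12 after it; the count should equal the number of certificates in the bundle.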
