Configuring HTTPS on DropWizard

Sriram Narasimhan

Sep 9, 2013, 3:10:48 AM
to dropwiz...@googlegroups.com
Hi, (This question is after making lots of attempts over reading dropwiz manual, experimenting with example proj, reading mailing lists & googling.)

1) Generated a server certificate (genrsa -des3 key) & imported it to my jks keystore. Placed my .jks file in project.

2) Configured my yml as below

http:
  port: 8080
  adminPort: 8081
  connectorType: nonblocking+ssl
  ssl:
    keyStore: ./keystore.jks
    keyStorePassword: ******
    keyStoreType: JKS

3) Server starts clean with the following message

INFO  [2013-09-09 06:57:40,939] com.yammer.dropwizard.cli.ServerCommand: Starting LoginService
INFO  [2013-09-09 06:57:40,941] org.eclipse.jetty.server.Server: jetty-8.1.8.v20121106
INFO  [2013-09-09 06:57:41,038] com.sun.jersey.server.impl.application.WebApplicationImpl: Initiating Jersey application, version 'Jersey: 1.15 10/30/2012 02:40 PM'
INFO  [2013-09-09 06:57:41,102] com.yammer.dropwizard.config.Environment:

    GET     /login (com.myproject.loginspike.LoginResource)
    POST    /authenticate (com.myproject.loginspike.LoginResource)

INFO  [2013-09-09 06:57:41,102] com.yammer.dropwizard.config.Environment: tasks =

    POST    /tasks/gc (com.yammer.dropwizard.tasks.GarbageCollectionTask)

INFO  [2013-09-09 06:57:41,520] org.eclipse.jetty.util.ssl.SslContextFactory: Enabled Protocols [SSLv3, TLSv1] of [SSLv2Hello, SSLv3, TLSv1]
INFO  [2013-09-09 06:57:41,539] org.eclipse.jetty.server.AbstractConnector: Started InstrumentedSslSel...@0.0.0.0:8080
INFO  [2013-09-09 06:57:41,541] org.eclipse.jetty.server.AbstractConnector: Started SocketC...@0.0.0.0:8081

4) But I'm unable to curl the URL. I receive the following error. (Chrome throws 'Unable to make a secure connection to the server.' error as well)

➜  LoginSpike  curl -X GET https://localhost:8080/login                                                  
curl: (35) Unknown SSL protocol error in connection to localhost:8080


Note: I use openssl version 1.0.1
➜  LoginSpike  openssl version
OpenSSL 1.0.1e 11 Feb 2013

Am I missing something obvious here? Your help will be sincerely appreciated.


thanks,
Sriram

Sriram Narasimhan

Sep 9, 2013, 7:18:52 AM
to dropwiz...@googlegroups.com
Got it resolved by following openssl step by step in jetty docs.
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL

Issue - Certs & Keys generated via openssl had to be loaded via openssl, PKCS12. When loaded via keytool, the certs had issues.
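
The fix described above, as an added example (not part of the original post or the Jetty docs): the key and certificate are bundled into PKCS12 with openssl and that bundle is converted with keytool, and the entry counts show how it differs from a store that holds the certificate without its private key. The file names, the alias `jetty` and the password `changeit` are assumptions; the key and certificate are generated on the spot.

```shell
#!/bin/sh
# Added example: file names, the alias "jetty" and the password are constructed placeholders.
set -eu

# Throwaway RSA key and self-signed certificate for CN=localhost (test material only).
make_test_cert() {   # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Bundle the private key and its certificate into one PKCS12 file with openssl.
make_pkcs12() {      # $1 = working directory, $2 = store password
    openssl pkcs12 -export -inkey "$1/server.key" -in "$1/server.crt" \
        -name jetty -out "$1/keystore.p12" -passout "pass:$2"
}

# Store holding the certificate but no private key, for comparison.
make_cert_only() {   # $1 = working directory, $2 = store password
    openssl pkcs12 -export -nokeys -in "$1/server.crt" \
        -out "$1/certonly.p12" -passout "pass:$2"
}

# Print how many private keys and certificates a PKCS12 file contains.
count_entries() {    # $1 = PKCS12 file, $2 = store password
    pem=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null)
    keys=$(printf '%s\n' "$pem" | grep -c 'BEGIN.*PRIVATE KEY' || true)
    certs=$(printf '%s\n' "$pem" | grep -c 'BEGIN CERTIFICATE' || true)
    echo "keys=$keys certs=$certs"
}

# Convert the bundle into the JKS file named in the yml (requires a JDK's keytool).
import_to_jks() {    # $1 = working directory, $2 = store password
    keytool -importkeystore -noprompt \
        -srckeystore "$1/keystore.p12" -srcstoretype PKCS12 -srcstorepass "$2" \
        -destkeystore "$1/keystore.jks" -deststoretype JKS -deststorepass "$2" </dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_test_cert "$work"
make_pkcs12 "$work" changeit
make_cert_only "$work" changeit
echo "key+cert bundle: $(count_entries "$work/keystore.p12" changeit)"
echo "cert-only store: $(count_entries "$work/certonly.p12" changeit)"
if command -v keytool >/dev/null 2>&1; then
    import_to_jks "$work" changeit || echo "keytool import failed" >&2
fi
```

A store reporting `keys=0` gives the SSL connector a certificate but nothing to complete the handshake with, so check for a key entry before pointing `keyStore` at the file.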


Jerry Carter

Sep 9, 2013, 9:34:24 AM
to dropwiz...@googlegroups.com
Sriram:

Glad to see that you found the solution before I could get my reply out.  Based on the original message, let me suggest that you avoid plaintext passwords in your configuration file.  See <http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords> for details.

-=- Jerry

mrokka

Mar 6, 2014, 12:23:44 AM
to dropwiz...@googlegroups.com
Hi Sriram,

Are you using a self-signed certificate or a CA-provided certificate? For me, while using a self-signed certificate it's working fine, but while using a CA-provided certificate I'm getting the same error.

Regards,


siddheshwar narke

Dec 14, 2015, 11:18:42 AM
to dropwizard-user, sriram.i...@gmail.com
Hi,

I am having issues with CA certificates. I am getting "Unable to retrieve certificate chain" error. 

Dropwizard application was running with self signed certificates but not with CA certificate.

Need some help with this issue.

Thanks,
Siddheshwar


