SSL sertificate server Installation

880 views
Skip to first unread message

Dmitry Govoruhin

unread,
Apr 9, 2016, 3:21:39 PM4/9/16
to vert.x
Hi all, I had a small problem with the installation of the ssl certificate on the server. I am a registered certificate and he came to me in the mail with private key. 

-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----
.....
-----END RSA PRIVATE KEY-----


but i got some exception when trying to set up on my vertx server. I just save my certificate  in file with extension .pem, it can be my problem or something else? Thanks for your help!

public class Server {
    public static void main(String[] args) {
        Vertx vertx = Vertx.vertx();

        HttpServerOptions serverOptions = new HttpServerOptions()
                .setSsl(true)
                .setPemKeyCertOptions(
                        new PemKeyCertOptions()
                                .setKeyPath("D:/repositary/server-ssl/keystore/private.pem")
                                .setCertPath("D:/repositary/server-ssl/keystore/public.pem")
                );


        HttpServer httpServer = vertx.createHttpServer(serverOptions);

        httpServer.requestHandler(context -> {
            context.bodyHandler(System.out::println);
        }).listen(443);
    }
}

Exception in thread "main" io.vertx.core.VertxException: java.lang.RuntimeException: Missing -----BEGIN PRIVATE KEY----- delimiter
   at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:158)
   at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:254)
   at io.vertx.core.net.impl.SSLHelper.validate(SSLHelper.java:262)
   at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:187)
   at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:159)
   at com.flaidzers.java.server.ssl.Server.main(Server.java:28)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)
   at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Caused by: java.lang.RuntimeException: Missing -----BEGIN PRIVATE KEY----- delimiter
   at io.vertx.core.net.impl.KeyStoreHelper.loadPem(KeyStoreHelper.java:227)
   at io.vertx.core.net.impl.KeyStoreHelper.loadPrivateKey(KeyStoreHelper.java:246)
   at io.vertx.core.net.impl.KeyStoreHelper.access$000(KeyStoreHelper.java:47)
   at io.vertx.core.net.impl.KeyStoreHelper$KeyCert.loadStore(KeyStoreHelper.java:190)
   at io.vertx.core.net.impl.KeyStoreHelper.getKeyMgrs(KeyStoreHelper.java:126)
   at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:135)
   ... 10 more



Julien Viet

unread,
Apr 10, 2016, 7:17:11 AM4/10/16
to ve...@googlegroups.com
Hi,

your .pem file is in traditional key format, you need to convert it to PKCS#8 format:

openssl pkcs8 -topk8 -inform pem -in private.pem -outform pem -nocrypt -out private2.pem

and use private2.pem

--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/e34283d6-1454-4dc9-bab9-a152c6be5510%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Alexander Lehmann

unread,
Apr 10, 2016, 10:14:23 AM4/10/16
to vert.x
I have converted certificates to p12 and then imported them into a jks:

openssl pkcs12 -export -inkey server.key -in server.crt -certfile rootCA.pem -out server.p12

keytool -importkeystore -srckeystore server.p12 -srcstorepass password -destkeystore server.jks -deststorepass password -srcstoretype pkcs12 -deststoretype jks

Julien Viet

unread,
Apr 10, 2016, 12:58:44 PM4/10/16
to ve...@googlegroups.com
note that upcoming OpenSSL support in 3.3 needs to use .pem format

-- 
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.

Julien Viet

unread,
Apr 10, 2016, 1:08:58 PM4/10/16
to ve...@googlegroups.com
but only for OpenSSL engine of course :-)

Dmitry Govoruhin

unread,
Apr 11, 2016, 9:45:17 AM4/11/16
to vert.x
Hi Julien, thanks you so much, it is helped solve my problem!
Reply all
Reply to author
Forward
0 new messages