My https server doesn't work.

San Jose boy

unread,

Sep 30, 2014, 10:17:39 PM9/30/14

to ve...@googlegroups.com

Hi All,

I'd like to configure my local machine as to be a https server with vertx, I generated my jks file from this link.

http://serverfault.com/questions/483465/import-of-pem-certificate-chain-and-key-to-java-keystore

My code is here:


import org.vertx.java.core.AsyncResult;
import org.vertx.java.core.Future;
import org.vertx.java.core.Handler;
import org.vertx.java.core.buffer.Buffer;
import org.vertx.java.core.http.HttpClient;
import org.vertx.java.core.http.HttpClientRequest;
import org.vertx.java.core.http.HttpClientResponse;
import org.vertx.java.core.http.HttpServer;
import org.vertx.java.core.http.HttpServerRequest;
import org.vertx.java.core.http.RouteMatcher;
import org.vertx.java.platform.*;
public class sshserver extends Verticle {

	int port = 443;
    @Override
    public void start(Future<Void> startedResult) {
        final boolean ssl = true;
        RouteMatcher httpRouteMatcher = new RouteMatcher();
        httpRouteMatcher.get("/version", new Handler<HttpServerRequest>(){

			@Override
			public void handle(HttpServerRequest req) {
				
				System.out.println("version api was called.");
				 req.response().end("{\"version\":\"1.0\", \"status\":\"0\"}");
			}
        	
        });
        
        final HttpServer https = vertx.createHttpServer();
        if(ssl){
            https.setSSL(true).setKeyStorePath("C:\\Users\\xx\\Desktop\\certificates\\xx.jks").setKeyStorePassword("123456");
        }
        https.requestHandler(httpRouteMatcher).listen(port, new Handler<AsyncResult<HttpServer>>() {
            @Override
            public void handle(AsyncResult<HttpServer> a) {
               
            	System.out.println("Server is running and listening to port on 8080");
            	/*HttpClient client = vertx.createHttpClient().setHost("127.0.0.1").setPort(port);
                
                if(ssl) {
                    client
                    .setSSL(true)
                    .setTrustAll(true);
                }

                HttpClientRequest req = client.get("/version", new Handler<HttpClientResponse>() {
                    @Override
                    public void handle(HttpClientResponse event) {
                    	event.dataHandler(new Handler<Buffer>(){
							@Override
							public void handle(Buffer arg0) {
								System.out.println("version response:\r\n" + arg0.toString());
							}
                    	});
                    }
                });
                String content = "{\"hello\":\"world\"}";
                req.headers()
                .set("Content-Type", "application/json")
                .set("Content-Length", content.length()+"");

                req.write(content)
                .end();*/
            }
        });
    }
}

I got error when I wanted to access my aip in browser.

https://127.0.0.1/version

My server has no error. What's wrong with my program?

Any suggestion?

Thanks in advance.

Alexander Lehmann

unread,

Oct 1, 2014, 3:58:05 PM10/1/14

to ve...@googlegroups.com

Your example works for me, either you are not connecting to your own localhost due to some proxy config or your server is only listening on the ipv6 address maybe

what does netstat -an say?

San Jose man

unread,

Oct 3, 2014, 7:48:19 PM10/3/14

to ve...@googlegroups.com

Hi Alexander,

Sorry for replying so late. I tested two cases in my local machine.

Case 1:

Port 443, ssl = true; I got these info when I executed "netstat -an". it seems port 443 is being listened to. but I couldn't access with url https://127.0.0.1/version or https://10.97.1.130/version or https://localhost/version. error is below:

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error code: ERR_SSL_PROTOCOL_ERROR

Active Internet connections (including servers)

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 10.97.1.130.443 *.* LISTEN

tcp46 0 0 *.* *.* CLOSED

tcp4 0 0 10.97.1.130.49188 74.125.239.140.443 ESTABLISHED

tcp4 0 0 10.97.1.130.49182 74.125.239.148.443 ESTABLISHED

tcp4 0 0 10.97.1.130.49181 74.125.239.131.443 ESTABLISHED

tcp4 0 0 10.97.1.130.49179 10.97.1.138.445 ESTABLISHED

tcp4 0 0 10.97.1.130.49166 74.125.20.188.5228 ESTABLISHED

tcp4 0 0 10.97.1.130.49154 17.110.224.140.5223 ESTABLISHED

tcp4 0 0 *.80 *.* LISTEN

tcp4 0 0 *.8001 *.* LISTEN

tcp4 0 0 *.8000 *.* LISTEN

tcp4 0 0 *.7070 *.* LISTEN

tcp4 0 0 *.554 *.* LISTEN

tcp4 0 0 *.1220 *.* LISTEN

tcp4 0 0 *.22 *.* LISTEN

tcp6 0 0 *.22 *.* LISTEN

tcp4 0 0 127.0.0.1.631 *.* LISTEN

tcp6 0 0 ::1.631 *.* LISTEN

udp6 0 0 *.63041 *.*

udp4 0 0 *.63041 *.*

udp6 0 0 *.52278 *.*

udp4 0 0 *.52278 *.*

udp6 0 0 *.49517 *.*

udp4 0 0 *.49517 *.*

udp4 0 0 *.* *.*

udp6 0 0 *.53548 *.*

udp4 0 0 *.53548 *.*

udp6 0 0 *.51800 *.*

udp4 0 0 *.51800 *.*

udp6 0 0 *.55590 *.*

udp4 0 0 *.55590 *.*

udp6 0 0 *.61589 *.*

udp4 0 0 *.61589 *.*

udp6 0 0 *.50835 *.*

udp4 0 0 *.50835 *.*

udp4 0 0 *.* *.*

udp6 0 0 *.51515 *.*

udp4 0 0 *.51515 *.*

udp4 0 0 *.50167 *.*

udp4 0 0 *.* *.*

udp4 0 0 127.0.0.1.6971 *.*

udp4 0 0 127.0.0.1.6970 *.*

udp4 0 0 10.97.1.130.123 *.*

udp6 0 0 fe80::22c9:d0ff:.123 *.*

udp6 0 0 ::1.123 *.*

udp4 0 0 127.0.0.1.123 *.*

udp6 0 0 fe80::1%lo0.123 *.*

udp6 0 0 *.123 *.*

udp4 0 0 *.123 *.*

udp4 0 0 *.* *.*

udp46 0 0 *.* *.*

udp6 0 0 *.5353 *.*

udp4 0 0 *.5353 *.*

udp4 0 0 *.138 *.*

udp4 0 0 *.137 *.*

icm6 0 0 *.* *.*

case2:

port 4000, ssl = false;

I got below info when I executed "netstat -an". it worked fine accessing with url http://127.0.0.1:4000/version

Active Internet connections (including servers)

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 10.97.1.130.4000 *.* LISTEN

tcp46 0 0 *.* *.* CLOSED

tcp4 0 0 10.97.1.130.49179 10.97.1.138.445 ESTABLISHED

tcp4 0 0 10.97.1.130.49166 74.125.20.188.5228 ESTABLISHED

tcp4 0 0 10.97.1.130.49154 17.110.224.140.5223 ESTABLISHED

tcp4 0 0 *.80 *.* LISTEN

tcp4 0 0 *.8001 *.* LISTEN

tcp4 0 0 *.8000 *.* LISTEN

tcp4 0 0 *.7070 *.* LISTEN

tcp4 0 0 *.554 *.* LISTEN

tcp4 0 0 *.1220 *.* LISTEN

tcp4 0 0 *.22 *.* LISTEN

tcp6 0 0 *.22 *.* LISTEN

tcp4 0 0 127.0.0.1.631 *.* LISTEN

tcp6 0 0 ::1.631 *.* LISTEN

udp6 0 0 *.63041 *.*

udp4 0 0 *.63041 *.*

udp6 0 0 *.52278 *.*

udp4 0 0 *.52278 *.*

udp6 0 0 *.49517 *.*

udp4 0 0 *.49517 *.*

udp4 0 0 *.* *.*

udp6 0 0 *.53548 *.*

udp4 0 0 *.53548 *.*

udp6 0 0 *.51800 *.*

udp4 0 0 *.51800 *.*

udp6 0 0 *.55590 *.*

udp4 0 0 *.55590 *.*

udp6 0 0 *.61589 *.*

udp4 0 0 *.61589 *.*

udp6 0 0 *.50835 *.*

udp4 0 0 *.50835 *.*

udp4 0 0 *.* *.*

udp6 0 0 *.51515 *.*

udp4 0 0 *.51515 *.*

udp4 0 0 *.50167 *.*

udp4 0 0 *.* *.*

udp4 0 0 127.0.0.1.6971 *.*

udp4 0 0 127.0.0.1.6970 *.*

udp4 0 0 10.97.1.130.123 *.*

udp6 0 0 fe80::22c9:d0ff:.123 *.*

udp6 0 0 ::1.123 *.*

udp4 0 0 127.0.0.1.123 *.*

udp6 0 0 fe80::1%lo0.123 *.*

udp6 0 0 *.123 *.*

udp4 0 0 *.123 *.*

udp4 0 0 *.* *.*

udp46 0 0 *.* *.*

udp6 0 0 *.5353 *.*

udp4 0 0 *.5353 *.*

udp4 0 0 *.138 *.*

udp4 0 0 *.137 *.*

icm6 0 0 *.* *.*

I didn't set any proxy in my local machine. How do I know my server is only listening on the ipv6 address?

I got this info when I executed "ifconfig" command on my machine.

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=3<RXCSUM,TXCSUM>

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

inet 127.0.0.1 netmask 0xff000000

inet6 ::1 prefixlen 128

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>

ether a8:20:66:13:b1:e5

media: autoselect (none)

status: inactive

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 20:c9:d0:be:a1:13

inet6 fe80::22c9:d0ff:febe:a113%en1 prefixlen 64 scopeid 0x5

inet 10.97.1.130 netmask 0xffffff00 broadcast 10.97.1.255

media: autoselect

status: active

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 02:c9:d0:be:a1:13

media: autoselect

status: inactive

fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078

lladdr 00:3e:e1:ff:fe:93:90:ca

media: autoselect <full-duplex>

status: inactive

Alexander Lehmann

unread,

Oct 4, 2014, 8:39:29 AM10/4/14

to ve...@googlegroups.com

If the server is listening and the tcp connect works, it probably an issue with the client settings of the browser or you have an invalid certificate for the server for some reason. I have yet tried this only with a demo certificate I created with keytool directly with a new cert store file, that works with the usual error message about an untrusted cert.

You could try another browser or access the server with curl, maybe that will give a better error message. Or you could to create a new test cert with the command mentioned in this page https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html (just localhost as CN), maybe your cert is missing some attributes.

...

Alexander Lehmann

unread,

Oct 4, 2014, 10:11:41 AM10/4/14

to ve...@googlegroups.com

Actually, it would also be interesting what keytool -list -v prints.

San Jose boy

unread,

Oct 6, 2014, 5:01:38 PM10/6/14

to ve...@googlegroups.com

Hi Alexander,

Thanks for you help. It worked with an untrusted cert after I followed the example which you gave. I think you are right. it proved the error came from JKS but code. I will request another JKS file to try it again.

Thanks very much.

Reply all

Reply to author

Forward