
Spring boot ssl configuration broken after upgrade to 1.4.0 from 1.3.x

I am having an issue with SSL configuration; my configuration is as follows:

server.port=8449
# self signed cert with CN=localhost used for https method tests
server.ssl.key-store=keystore.p12
server.ssl.key-password=password
server.ssl.key-alias=some-alias
server.ssl.key-store-type=PKCS12

With version 1.3.7 of Spring Boot everything works. After upgrading to 1.4.0, on the client side I get:

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:287)
at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:255)
at org.glassfish.jersey.client.JerseyInvocation$2.call(JerseyInvocation.java:700)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:696)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:448)

And calling the SSL port from Chrome results in:

The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.

Similar error from Firefox as well.

As I said, the only thing different in the configuration is the Spring Boot version. Am I missing something in the configuration so that it can be used with the newer version of Spring Boot?

Thanks in advance. Cheers!

P.S. I am not very knowledgeable in SSL-related topics, so please try to explain it somewhat simply.

Kristaps asked Aug 17 '16 08:08



1 Answer

I managed to resolve this issue thanks to this Boot's Tomcat SSL sample provided by Andy.

server.port=8449
# self signed cert with CN=localhost used for https method tests
server.ssl.key-store=keystore.p12
server.ssl.key-password=password
server.ssl.key-alias=some-alias
server.ssl.key-store-type=PKCS12

My guess (I could be wrong about this) is that Tomcat 8.5.4 requires server.ssl.key-store-password=password to be specified; it's not enough to specify just server.ssl.key-password. So after updating the configuration I came up with something like this:

server.port=8449
# self signed cert with CN=localhost used for https method tests
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=changeit
server.ssl.key-alias=some-alias
server.ssl.key-password=changeit
server.ssl.key-store-type=PKCS12

And now it works as intended :) Hope this answer helps someone else.

P.S. Yeah, I know it's bad to use the same password for both the specific key and the general store, but this is just a test key store.

Kristaps answered Oct 20 '22 20:10
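One way to check the settings from the answer against the keystore itself before starting the application. This is an added example, not code from the original post or from Spring Boot; the class name `SslConfigCheck`, reading `server.ssl.key-store` as a plain file path, and the fallback from key password to store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

// Hypothetical helper: validates the server.ssl.* properties against the real keystore.
public class SslConfigCheck {
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args.length > 0 ? args[0] : "application.properties")) {
            p.load(in);
        }
        String path = p.getProperty("server.ssl.key-store"); // assumed to be a file path, not classpath:
        String type = p.getProperty("server.ssl.key-store-type", "PKCS12");
        String storePw = p.getProperty("server.ssl.key-store-password");
        String alias = p.getProperty("server.ssl.key-alias");
        // Assumption: with no key-password set, the store password is tried for the key entry.
        String keyPw = p.getProperty("server.ssl.key-password", storePw);

        if (path == null) fail("server.ssl.key-store is not set");
        if (storePw == null) fail("server.ssl.key-store-password is not set");

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePw.toCharArray()); // IOException here means a wrong store password
        }
        if (alias == null || !ks.isKeyEntry(alias)) {
            fail("no key entry for alias '" + alias + "'; aliases present: " + Collections.list(ks.aliases()));
        }
        // UnrecoverableKeyException here means a wrong key password.
        Key key = ks.getKey(alias, keyPw.toCharArray());
        Certificate c = ks.getCertificate(alias);
        String subject = (c instanceof X509Certificate)
                ? ((X509Certificate) c).getSubjectX500Principal().getName() : "n/a";
        System.out.println("OK: " + key.getAlgorithm() + " key for alias '" + alias + "', subject=" + subject);
    }

    private static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }
}
```

Run it from the directory that contains `application.properties` and the keystore; each failure message names the property to fix.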