Setting up SSL in Dropwizard


Solution 1

The issue is finally resolved! Here is how I got it to work (I hope this helps anyone who is having a hard time figuring out how to make SSL work with Dropwizard).

  1. Firstly I had to concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of the b78*********.crt are before the other file). Let's refer to that file as all_combined.crt from now.
  2. Then I had to run this command to generate a .p12 file:

C:\xampp\apache\bin>openssl.exe pkcs12 -export -in all_combined.crt -inkey myKey.key -out keystore.p12 -CAfile temp.crt

myKey.key is the file that you must have created while generating the CSR to request the SSL from the authority.

  3. Then I had to run this command to import the .p12 generated above into my keystore:

C:\Program Files\Java\jdk1.8.0_65\bin\keystore>..\keytool.exe -importkeystore -srckeystore keystore.p12 -destkeystore myKeyStore.jks -srcstoretype pkcs12 -deststoretype jks

That's all that is required in the keystore.

  4. Finally I made a slight change in the .yml file:

server:
  applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: ./keystore/myKeyStore.jks
    keyStorePassword: "myPassword"
    validateCerts: false
    validatePeers: false

Note that I have set the validateCerts and validatePeers to false. Then I just restarted my Dropwizard server and everything started working as expected and my server was listening and responding to port 8443! :-)

PS: I am not 100% sure what each step does or whether each of these is required. But after searching for hours and hours I've finally got something to work and would definitely read about the details of this later when I have some time. Till then I hope this unblocks someone who's stuck on it.
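The connector above turns off Dropwizard's start-up check with `validateCerts: false`, which makes the `Unable to retrieve certificate chain` error disappear but does not fix a keystore that has no usable chain. The fragment below is an added example (not from the answer above or from the Dropwizard project) of the same `https` connector with the check left on and the legacy protocol versions removed; the keystore path and password are the placeholder values the answer already uses, and the `supportedProtocols` list assumes a JVM that supports TLS 1.3 (Java 11 or later):

```yaml
server:
  applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: ./keystore/myKeyStore.jks
    keyStorePassword: "myPassword"
    keyStoreType: JKS
    # Keep the start-up check on: Dropwizard then fails fast when the key
    # store has no private-key entry or its chain is broken, instead of the
    # server starting and every TLS handshake failing with "Connection closed".
    validateCerts: true
    # validatePeers concerns the trust-store side and only matters when a
    # trustStorePath for client certificates is configured on this connector.
    validatePeers: false
    # TLS 1.0 and 1.1 are deprecated; TLSv1.3 requires Java 11 or later.
    supportedProtocols: [TLSv1.2, TLSv1.3]
```

With `validateCerts: true`, a keystore built only from the two GoDaddy `.crt` files (trusted-certificate entries, no private key) is rejected at start-up, which is the symptom the question describes; the .p12 import in step 3 is what gives the keystore a private-key entry whose chain the check can walk.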

Solution 2

For others who come here: I solved this problem on Dropwizard/Linux in another way.

First generate your keys:

 keytool -genkey -alias <aliasname> -keyalg RSA -keystore keystore.jks -keysize 2048

Then generate your CSR:

 keytool -certreq -alias <aliasname> -file csr.txt -keystore keystore.jks

Open your csr.txt and copy all of its content. Go to GoDaddy, paste it, and download the two .crt files as Others.

Then concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of the b78*********.crt are before the other file). Let's refer to that file as all_combined.crt from now.

Finally combine your trust certs with your .jks:

keytool -import -trustcacerts -keystore keystore.jks -storepass <keystorepassword> -alias <aliasname> -file all_combined.crt

Then in your .yml file put this:

  applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: keystore.jks
    keyStorePassword: <keystorepassword>
    keyStoreType: JKS
    supportedProtocols: [TLSv1, TLSv1.1, TLSv1.2]

That is it, have fun!
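Both answers end with a JKS file that must hold a private-key entry whose chain starts with the leaf certificate and continues with the GoDaddy intermediate bundle, which is why both insist on concatenating the leaf `.crt` before `gd_bundle-g2-g1.crt`. The program below is an added example, not part of either answer and not Dropwizard or Jetty code: it loads a keystore the way the server does and reports the conditions that leave a store unusable for HTTPS (no key entry, a key entry without a chain, a chain whose issuer/subject links or signatures do not line up, an expired certificate). The class name `KeyStoreChainCheck` and the command-line arguments are this example's own; the keystore path and password are whatever you built in the steps above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

/**
 * Hypothetical diagnostic for this page (not part of Dropwizard or Jetty):
 * loads a JKS/PKCS12 keystore and reports, per alias, whether it is a
 * private-key entry with a consistent certificate chain.
 *
 * Usage: java KeyStoreChainCheck <keystore path> <password> [JKS|PKCS12]
 */
public class KeyStoreChainCheck {

    /** Returns the problems found; an empty list means the store looks usable for HTTPS. */
    public static List<String> check(KeyStore ks) throws Exception {
        List<String> problems = new ArrayList<>();
        int keyEntries = 0;
        Date now = new Date();

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trusted-certificate entry carries no private key, so the server
                // cannot terminate TLS with it. Importing the two GoDaddy .crt files
                // as plain trusted certs (the question's setup) produces only these.
                problems.add(alias + ": trusted-cert entry only (no private key)");
                continue;
            }
            keyEntries++;
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                problems.add(alias + ": key entry without a certificate chain");
                continue;
            }
            // Walk the chain leaf-first: each certificate's issuer must be the subject
            // of the next one, and each signature must verify with the next one's key.
            // This is the ordering the answers enforce by putting the leaf .crt before
            // gd_bundle-g2-g1.crt when concatenating.
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = (X509Certificate) chain[i];
                if (cert.getNotAfter().before(now)) {
                    problems.add(alias + ": chain[" + i + "] expired on " + cert.getNotAfter());
                }
                if (i + 1 < chain.length) {
                    X509Certificate issuer = (X509Certificate) chain[i + 1];
                    if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                        problems.add(alias + ": chain[" + i + "] issuer does not match chain["
                                + (i + 1) + "] subject (files concatenated in the wrong order?)");
                    }
                    try {
                        cert.verify(issuer.getPublicKey());
                    } catch (Exception e) {
                        problems.add(alias + ": chain[" + i + "] signature not verifiable with chain["
                                + (i + 1) + "]: " + e.getMessage());
                    }
                }
            }
        }
        if (keyEntries == 0) {
            problems.add("no private-key entry at all: an HTTPS connector cannot use this store");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java KeyStoreChainCheck <keystore> <password> [JKS|PKCS12]");
            System.exit(2);
        }
        String type = args.length > 2 ? args[2] : "JKS";
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        List<String> problems = check(ks);
        if (problems.isEmpty()) {
            System.out.println("OK: keystore has a private key with a consistent certificate chain");
        } else {
            problems.forEach(p -> System.out.println("PROBLEM: " + p));
            System.exit(1);
        }
    }
}
```

Run it against the store from Solution 1 (`java KeyStoreChainCheck myKeyStore.jks myPassword JKS`) or Solution 2 (`keystore.jks` with the password you chose); a store assembled from the two `.crt` files alone reports only trusted-cert entries, a chain concatenated in the wrong order reports the issuer/subject mismatch, and a correctly built store prints OK. Running this before switching `validateCerts` off tells you whether you are hiding a real keystore problem.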

Sanchit Khattry

Updated on June 16, 2022

Comments

  • Sanchit Khattry almost 2 years

    I am trying to set up SSL in my Dropwizard server. I have got my SSL from GoDaddy and have received a couple of files from them namely:

    1. gd_bundle-g2-g1.crt
    2. b78*********.crt (basically a file named like a random string)

    I have added the gd_bundle-g2-g1.crt certificate with alias root in my keystore and have added the other one with my domain alias.

    My .yml configuration file looks like this: (I have just pasted the relevant section of the .yml file)

    server:
      applicationConnectors:
      - type: http
        port: 8080
      - type: https
        port: 8443
        keyStorePath: keystore/myKeyStore.jks
        keyStorePassword: "myPassword"
        validateCerts: true
    
      adminConnectors:
      - type: http
        port: 8081
    

    The problem is that whenever I am trying to launch my server I am receiving the following error:

    java.lang.IllegalStateException: Unable to retrieve certificate chain
    

    When I set validateCerts to false in the .yml above then, for obvious reasons, this error goes away, but when I try to access the URL I get a "Connection closed" error.
    I seem to be stuck real bad. My server is working perfectly with http but https just doesn't work! :( Given my end goal of making https work and my current scenario, I have the following questions:

    1. Am I handling the certificate files incorrectly?
    2. Is there something missing in my .yml file that needs to be added or is there something wrong there?
    3. Or is it something that I am missing from this picture altogether?

    Appreciate your help.