Setting up SSL in Dropwizard
Solution 1
The issue is finally resolved! Here is how I got it to work (hope this helps anyone who is having a hard time figuring out how to make SSL work with Dropwizard)
- Firstly I had to concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of the b78*********.crt are before the other file). Let's refer to that file as all_combined.crt from now.
- Then I had to run this command to generate a .p12 file:
C:\xampp\apache\bin>openssl.exe pkcs12 -export -in all_combined.crt -inkey myKey.key -out keystore.p12 -CAfile temp.crt
myKey.key is the file that you must have created while generating the CSR to request the SSL from the authority.
- Then I had to run this command to import the above generated .p12 into my keystore:
C:\Program Files\Java\jdk1.8.0_65\bin\keystore>..\keytool.exe -importkeystore -srckeystore keystore.p12 -destkeystore myKeyStore.jks -srcstoretype pkcs12 -deststoretype jks
That's all that is required in the keystore.
- Finally I made a slight change in the .yml file:
server:
  applicationConnectors:
    - type: http
      port: 8080
    - type: https
      port: 8443
      keyStorePath: ./keystore/myKeyStore.jks
      keyStorePassword: "myPassword"
      validateCerts: false
      validatePeers: false
Note that I have set the validateCerts and validatePeers to false. Then I just restarted my Dropwizard server and everything started working as expected and my server was listening and responding to port 8443! :-)
PS: I am not 100% sure what each step does or whether each of these is required. But after searching for hours and hours I've finally got something to work and would definitely read about the details of this later when I have some time. Till then, hope this unblocks someone who's stuck on it.
Solution 2
For others who come here: I solved this problem on Dropwizard/Linux in another way.
First generate your keys:
keytool -genkey -alias <aliasname> -keyalg RSA -keystore keystore.jks -keysize 2048
Then generate your CSR:
keytool -certreq -alias <aliasname> -file csr.txt -keystore keystore.jks
Open your csr.txt and copy all content. Go to GoDaddy paste it and download the two .crt files as Others.
Then concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of the b78*********.crt are before the other file). Let's refer to that file as all_combined.crt from now.
Finally combine your trust certs with your .jks:
keytool -import -trustcacerts -keystore keystore.jks -storepass <keystorepassword> -alias <aliasname> -file all_combined.crt
Then in your .yml file put this:
applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: keystore.jks
    keyStorePassword: <keystorepassword>
    keyStoreType: JKS
    supportedProtocols: [TLSv1, TLSv1.1, TLSv1.2]
That is it, have fun!
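Both answers build the keystore by hand and then discover at Dropwizard start-up whether it is usable. The following is an added example, not code from either answer: a POSIX shell pre-flight that builds a throw-away CA and leaf with openssl (constructed stand-ins for gd_bundle-g2-g1.crt and b78*********.crt; all file names, subjects and the password are made up), runs the same pkcs12 export as Solution 1, and checks the combined bundle and the resulting store before they go anywhere near a .yml file. It assumes only that openssl is on PATH.

```sh
#!/bin/sh
# Added example, not code from either answer: a pre-flight check for the
# openssl half of Solution 1. It builds a throw-away CA and leaf (stand-ins
# for gd_bundle-g2-g1.crt and b78*********.crt; all names are constructed),
# exports the PKCS#12 the same way, and verifies the result.
set -eu
WORK=$(mktemp -d)
cd "$WORK"
# Throw-away CA standing in for the GoDaddy bundle.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
  -keyout ca.key -out ca.crt 2>/dev/null
# Server key (the answers' myKey.key) and CSR, then a leaf signed by the CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
  -keyout myKey.key -out leaf.csr 2>/dev/null
openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 1 -out leaf.crt 2>/dev/null

# Leaf first, then the CA bundle, as both answers describe.
cat leaf.crt ca.crt > all_combined.crt
# Check 1: the first certificate in the bundle belongs to the private key.
# "openssl x509" reads only the first PEM block, so this also checks order.
first_cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  k=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$c" = "$k" ]
}

# Check 2: the leaf actually chains to the bundle it was concatenated with.
leaf_verifies() { openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1; }

# Same export as Solution 1 (password on the command line only because
# this is a throw-away test store).
build_p12() {
  openssl pkcs12 -export -in all_combined.crt -inkey myKey.key -out "$1" \
    -passout pass:changeit 2>/dev/null
}

# Check 3: the store carries the full chain, not just the leaf. An alias
# with no private-key-plus-chain entry behind it is what Jetty's
# validateCerts check rejects with the question's
# "Unable to retrieve certificate chain" error.
p12_cert_count() {
  openssl pkcs12 -in "$1" -passin pass:changeit -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

first_cert_matches_key all_combined.crt myKey.key
leaf_verifies leaf.crt
build_p12 keystore.p12
echo "certificates in keystore.p12: $(p12_cert_count keystore.p12)"
```

Running these checks against the real bundle and key before the keytool import shows whether the chain is complete, so validateCerts can be left at its default rather than switched off to make the error disappear.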
Sanchit Khattry, updated on June 16, 2022
Comments
Sanchit Khattry, almost 2 years ago:
I am trying to set up SSL in my Dropwizard server. I have got my SSL from GoDaddy and have received a couple of files from them, namely:
- gd_bundle-g2-g1.crt
- b78*********.crt (basically a file named like a random string)
I have added the gd_bundle-g2-g1.crt certificate with alias root in my keystore and have added the other one with my domain alias.
My .yml configuration file looks like this: (I have just pasted the relevant section of the .yml file)
server:
  applicationConnectors:
    - type: http
      port: 8080
    - type: https
      port: 8443
      keyStorePath: keystore/myKeyStore.jks
      keyStorePassword: "myPassword"
      validateCerts: true
  adminConnectors:
    - type: http
      port: 8081
The problem is that whenever I am trying to launch my server I am receiving the following error:
java.lang.IllegalStateException: Unable to retrieve certificate chain
When I set validateCerts to false in the .yml above then, for obvious reasons, this error goes away, but when I try to access the URL I get a "Connection closed" error.
I seem to be stuck real bad. My server is working perfectly with http but https just doesn't work! :( Given my end goal of making https work and my current scenario, I have the following questions:
- Am I handling the certificate files incorrectly?
- Is there something missing in my .yml file that needs to be added, or is there something wrong there?
- Or is it something that I am missing from this picture altogether?
Appreciate your help.