
Setting up SSL in Dropwizard


I am trying to set up SSL in my Dropwizard server. I have got my SSL certificate from GoDaddy and have received a couple of files from them, namely:

  1. gd_bundle-g2-g1.crt
  2. b78*********.crt (basically a file named like a random string)

I have added the gd_bundle-g2-g1.crt certificate with alias root in my keystore and have added the other one with my domain alias.

My .yml configuration file looks like this (I have just pasted the relevant section of the .yml file):

server:
  applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: keystore/myKeyStore.jks
    keyStorePassword: "myPassword"
    validateCerts: true

  adminConnectors:
  - type: http
    port: 8081

The problem is that whenever I try to launch my server I receive the following error:

java.lang.IllegalStateException: Unable to retrieve certificate chain

When I set validateCerts to false in the .yml above then, for obvious reasons, this error goes away, but when I try to access the URL I get a "Connection closed" error.
I seem to be stuck real bad. My server is working perfectly with http but https just doesn't work! :( Given my end goal of making https work and my current scenario, I have the following questions:

  1. Am I handling the certificate files incorrectly?
  2. Is there something missing in my .yml file that needs to be added, or is there something wrong there?
  3. Or is it something that I am missing from this picture altogether?

Appreciate your help.

The issue is finally resolved! Here is how I got it to work (hope this helps anyone who is having a hard time figuring out how to make SSL work with Dropwizard):

  1. Firstly I had to concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of b78*********.crt come before the other file). Let's refer to that file as all_combined.crt from now on.
  2. Then I had to run this command to generate a .p12 file:

C:\xampp\apache\bin>openssl.exe pkcs12 -export -in all_combined.crt -inkey myKey.key -out keystore.p12 -CAfile temp.crt

myKey.key is the file that you must have created while generating the CSR to request the SSL certificate from the authority.

  3. Then I had to run this command to import the .p12 generated above into my keystore:

C:\Program Files\Java\jdk1.8.0_65\bin\keystore>..\keytool.exe -importkeystore -srckeystore keystore.p12 -destkeystore myKeyStore.jks -srcstoretype pkcs12 -deststoretype jks

That's all that is required in the keystore.

  4. Finally I made a slight change in the .yml file:

server:
  applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: ./keystore/myKeyStore.jks
    keyStorePassword: "myPassword"
    validateCerts: false
    validatePeers: false

Note that I have set validateCerts and validatePeers to false. Then I just restarted my Dropwizard server and everything started working as expected, and my server was listening and responding on port 8443! :-)

PS: I am not 100% sure what each step does or whether each of these is required. But after searching for hours and hours I've finally got something to work and will definitely read about the details later when I have some time. Till then, hope this unblocks someone who's stuck on it.

For others who will come across this: I solved this problem in Dropwizard on Linux in another way.

First generate your keys:

 keytool -genkey -alias <aliasname> -keyalg RSA -keystore keystore.jks -keysize 2048

Then generate your CSR:

 keytool -certreq -alias <aliasname> -file csr.txt -keystore keystore.jks

Open your csr.txt and copy all of its content. Go to GoDaddy, paste it, and download the two .crt files as "Others".

Then concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of b78*********.crt come before the other file). Let's refer to that file as all_combined.crt from now on.

Finally, import your trust certs into your .jks:

keytool -import -trustcacerts -keystore keystore.jks -storepass <keystorepassword> -alias <aliasname> -file all_combined.crt

Then put this in your .yml file:

applicationConnectors:
- type: http
  port: 8080
- type: https
  port: 8443
  keyStorePath: keystore.jks
  keyStorePassword: <keystorepassword>
  keyStoreType: JKS
  supportedProtocols: [TLSv1, TLSv1.1, TLSv1.2]

That is it, have fun!
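Both answers hinge on the same step: the server certificate has to come first in the combined file, and the keystore needs a private-key entry carrying that chain (keytool -import of a .crt creates only a trusted-certificate entry, which is why the asker's keystore had no chain to retrieve). The script below is an added example, not code from either answer. It needs only the openssl CLI; because the GoDaddy files are not available offline, make_test_material() fabricates a throw-away CA and a leaf it signs (constructed test data), and the names leaf.crt, gd_bundle.crt, myKey.key and www.example.test are placeholders standing in for b78*.crt, gd_bundle-g2-g1.crt, the CSR key and the real hostname.

```shell
#!/bin/sh
# Added example (not from the original answers): build the leaf-first chain
# file, check its order and validity, and package key + chain as PKCS#12 for
# "keytool -importkeystore". Requires only the openssl CLI.
set -e

WORK="${WORK:-$(mktemp -d)}"
LEAF_CN="www.example.test"   # constructed hostname for the throw-away leaf

# Constructed stand-ins for gd_bundle-g2-g1.crt (CA) and b78*.crt (leaf).
make_test_material() {
  # Self-signed CA playing the role of the GoDaddy bundle.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/gd_bundle.crt" 2>/dev/null
  # Private key + CSR, as created when the certificate was requested.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$LEAF_CN" \
    -keyout "$WORK/myKey.key" -out "$WORK/leaf.csr" 2>/dev/null
  # The CA signs the CSR: this is the "b78*.crt" equivalent.
  openssl x509 -req -days 1 -in "$WORK/leaf.csr" -CA "$WORK/gd_bundle.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/leaf.crt" 2>/dev/null
}

# The step both answers stress: server certificate first, then the CA bundle.
build_chain() {  # build_chain LEAF BUNDLE OUT
  cat "$1" "$2" > "$3"
}

# Subject of the N-th certificate (1-based) in a PEM file.
nth_subject() {  # nth_subject FILE N
  awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { c++ } c == n { print }' "$1" \
    | openssl x509 -noout -subject
}

# Returns 0 only if the first certificate is the server certificate (not the
# CA) and the chain validates against the bundle. This is an offline stand-in
# for the start-up check Dropwizard's validateCerts performs.
check_chain() {  # check_chain COMBINED BUNDLE
  first="$(nth_subject "$1" 1)"
  case "$first" in
    *"$LEAF_CN"*) ;;
    *) echo "first certificate is not the server certificate: $first" >&2; return 1 ;;
  esac
  openssl verify -CAfile "$2" "$1" >/dev/null
}

# PKCS#12 of key + chain; importing it with keytool yields the PrivateKeyEntry
# the https connector needs (a plain .crt import gives only a trustedCertEntry).
make_p12() {  # make_p12 COMBINED KEY OUT PASSWORD
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

# Subject of the end-entity certificate stored in the PKCS#12 file.
p12_leaf_subject() {  # p12_leaf_subject P12 PASSWORD
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -subject
}

# Walk through the procedure once with the constructed material.
make_test_material
build_chain "$WORK/leaf.crt" "$WORK/gd_bundle.crt" "$WORK/all_combined.crt"
check_chain "$WORK/all_combined.crt" "$WORK/gd_bundle.crt" && echo "chain order and validation OK"
make_p12 "$WORK/all_combined.crt" "$WORK/myKey.key" "$WORK/keystore.p12" changeit
echo "PKCS#12 leaf: $(p12_leaf_subject "$WORK/keystore.p12" changeit)"
```

With the real files, run build_chain on b78*.crt and gd_bundle-g2-g1.crt, then check_chain before touching the keystore: a chain assembled in the wrong order fails the first-certificate test, which is the defect that validateCerts: false merely hides rather than fixes. The resulting keystore.p12 is what the first answer's keytool -importkeystore command consumes. One caveat on the second answer's connector: supportedProtocols lists TLSv1 and TLSv1.1, both deprecated by RFC 8996; a current deployment should offer only TLSv1.2 and TLSv1.3.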
