同一台机器上具有相同证书的两个服务之间的相互认证

Question

I've a simple spring boot service ( service A ) that has some REST API exposed. For adding https support, I used the same certificate that is issued to another service ( service B ) present in the same box. Here's my application.properties file

server.ssl.enabled=true
server.ssl.client-auth=need
server.ssl.key-store=keystore.jks
server.ssl.key-store-password=password
server.ssl.key-store-type=JKS
server.ssl.trust-store-password=password
server.ssl.trust-store=keystore.jks
server.ssl.trust-store-type=JKS

This seems to be working when the connection to service A is made from a client that's not service B . I enabled mutual authentication between services so that client cert is validated. When a request is being made from B to A , I am getting error

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at sun.security.ssl.Alert.createSSLException(Alert.java:117)

After enabling the ssl debug, I found this error to be causing this

upcoming handshake states: server finished[20]
*** Certificate chain
<Empty>
***
https-jsse-nio-8090-exec-4, fatal error: 42: null cert chain

I checked and re-checked that the keystore and truststore are set properly, yet, no luck. Is there a way I can make this work with server and client having same certificate? Appreciate any pointers on how I can make it work (with the same cert) as I have been struggling with this for a week.

Answer 1

Does your JKS contain the whole chain? If you look inside, do you have the whole chain all the way to the root certificate?

The error is telling you that it cant find the chain. Your certificate is probably self-signed? or your JKS doesnt have the full chain.

See similar Stackoverflow question: CamelJettyWebSocketServer, fatal error: 42: null cert chain