
AWS EC2 with Elastic Load balancer not sending SSL Certificate

I have a server that is sending an HTTPPost request with the Apache HttpClient in Java. I am trying to send the post with my cert attached for validation and the other side is saying they are not receiving any SSL information. I inherited this code/server setup with minimal documentation so I don't necessarily know it was set up properly in the first place.

Here is the setup.

  1. AWS EC2 server. Linux
  2. Elastic Load balancer setup with SSL Cert.
    a. Verified this is working as intended when I visit the server via port 443
  3. Tomcat7 running API server
  4. Java 1.8.0_251
  5. Apache httpclient-4.5.9

Being that there are ways to attach the certificate to each level of this I don't fully understand where the problem is.

Most of the ways I have found revolve around attaching the SSL to the outgoing request in the httpclient object but have been unsuccessful. They are a variation on the following...

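    import java.security.KeyStore;
    import javax.net.ssl.SSLContext;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.ssl.SSLContexts;

    // identity_file is an InputStream over the .jks file holding the client key and certificate
    KeyStore identityKeyStore = KeyStore.getInstance("JKS");
    identityKeyStore.load(identity_file, CERTPASSWORD.toCharArray());

    // load client certificate
    SSLContext sslContext = SSLContexts.custom()
            .loadKeyMaterial(identityKeyStore, CERTPASSWORD.toCharArray())
            .build();

    // restrict the protocols; null keeps the default cipher suites
    sslConnectionSocketFactory = new SSLConnectionSocketFactory(
            sslContext,
            new String[]{"TLSv1.2", "TLSv1.1"},
            null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());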

This has not worked and I have verified the .jks file is properly formatted and verified the password. Although if this works as I test on a Windows machine I would assume this would be the best option.

This server only has outgoing requests to a few sources all of which will need to be SSL verified so I don't mind if it is sent on every outgoing https request.

Is there somewhere else in my setup that I should be looking into attaching the certificate?

If there is a Load balancer with SSL configured then the SSL stops at the load balancer, and your client certificate is never making it to the server. Client SSL certificates only get passed to the server when the server has an SSL certificate installed on it, and the load balancer is in TCP passthrough mode.
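To see on the sending side whether a client certificate actually left the JVM, the check below (an added example, not code from the question or the answer) lists the keystore entries JSSE can present and then reports what was sent during a handshake with whatever endpoint terminates TLS. The class name `ClientCertCheck` and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

// Added diagnostic; class name and arguments are hypothetical.
public class ClientCertCheck {
    // Counts entries holding a private key plus certificate chain. JSSE can only
    // present a client certificate from such an entry, never from a trustedCertEntry.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (ks.isKeyEntry(alias) && chain != null && chain.length > 0) {
                X509Certificate leaf = (X509Certificate) chain[0];
                System.out.println(alias + ": " + leaf.getSubjectX500Principal()
                        + " issued by " + leaf.getIssuerX500Principal());
                n++;
            }
        }
        return n;
    }

    // Handshakes with host:port and returns the chain this side sent, or null when
    // none was sent (the peer did not request one, or no key entry was acceptable).
    static Certificate[] presentedTo(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify the server hostname
            s.setSSLParameters(p);
            s.startHandshake();
            return s.getSession().getLocalCertificates();
        }
    }

    // usage: java ClientCertCheck <keystore.jks> <password> <host> <port>
    public static void main(String[] a) throws Exception {
        char[] pw = a[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(a[0])) { ks.load(in, pw); }
        System.out.println("usable key entries: " + countKeyEntries(ks));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust store
        Certificate[] sent = presentedTo(ctx, a[2], Integer.parseInt(a[3]));
        System.out.println(sent == null ? "no client certificate was sent"
                : "sent: " + ((X509Certificate) sent[0]).getSubjectX500Principal());
    }
}
```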
