Cannot create SSL connection with Vertx server and client
Question
I am trying to test an SSL connection between a Vertx HttpServer and HttpClient. Because I don't have any certificates, I created some self signed certificate like this:
keytool -genkeypair -alias selfsigned -keyalg RSA -keystore keystore.jks -storepass pass -keysize 2048 -validity 360
I have generated a public certificate as such:
keytool -export -alias selfsigned -keystore keystore.jks -rfc -file public.cert
And then I
keytool -import -file public.cert -alias public -keystore trustStore.jks
Then I tried adding them as JksOptions to the Server and Client in any possible order I could imagine and all of them generate the same error on the client side:
> Future{cause=Failed to create SSL connection}
I don't understand what I do wrong and as much as I read about keystores and truststores, any combination didn't work for my program. If I set the client as trustAll(true), the connection happens successfully.
Here are the settings for the server and the client:
    HttpServerOptions httpServerOptions = new HttpServerOptions();
    JksOptions options = new JksOptions();
    options
        .setPassword("pass")
        .setPath("src/main/resources/file/keystore.jks");
    httpServerOptions
        .setSsl(true)
        .setKeyStoreOptions(options);

    HttpClientOptions httpClientOptions = new HttpClientOptions();
    JksOptions options = new JksOptions();
    options
        .setPassword("pass")
        .setPath("src/main/resources/file/trustStore.jks");
    HttpClient client = vertx.createHttpClient(httpClientOptions
        .setSsl(true)
        .setTrustStoreOptions(options)
    );
The code above appears in 2 separate Verticles and is run separately. What could be the issue?
- I have checked and the certificate does appear both in the keystore and truststore
- The CN = localhost, cause ultimately my client websocket does the following:
client.webSocket(8080, "127.0.0.1",...
- I tried setting .setVerifyHost(false), same result
- I have tried the solutions in the other questions and they didn't work
Answer 1
Score: 1
Here are the steps needed to create self signed certificates and to use them in vertx.
Preparing keystore:
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks
keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit
Here is vertx code:
    vertx.createHttpServer(new HttpServerOptions()
        .setSsl(true)
        .setKeyStoreOptions(new JksOptions().setPassword("changeit")
            .setPath("keystore.jks")))
        .requestHandler(req -> req.response().end("Hello!"))
        .listen(9999, "127.0.0.1");

    HttpClient client = vertx.createHttpClient(new HttpClientOptions()
        .setVerifyHost(false)
        .setSsl(true)
        .setTrustStoreOptions(new JksOptions().setPassword("changeit")
            .setPath("keystore.jks")));
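
An offline check of the two stores from the question, added here as an example (not code from the question or the answer): it loads keystore.jks and trustStore.jks and runs the same trust decision a TLS client makes, without starting Vert.x or disabling verification. It assumes Java 9 or later and the paths, alias and password shown in the question; the class name TrustCheck is made up for illustration.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class; paths, alias and password are taken from the question.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        char[] pass = "pass".toCharArray();
        // getInstance(File, char[]) detects the store type (JKS or PKCS12) and loads it.
        KeyStore keyStore = KeyStore.getInstance(new File("src/main/resources/file/keystore.jks"), pass);
        KeyStore trustStore = KeyStore.getInstance(new File("src/main/resources/file/trustStore.jks"), pass);

        // The chain the server presents during the handshake.
        Certificate[] chain = keyStore.getCertificateChain("selfsigned");
        if (chain == null) throw new IllegalStateException("no key entry 'selfsigned' in keystore.jks");
        X509Certificate[] x509 = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        X509Certificate leaf = x509[0];
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        System.out.println("Valid:   " + leaf.getNotBefore() + " .. " + leaf.getNotAfter());
        // null means no SAN extension. Java's HTTPS host check matches an IP literal
        // such as 127.0.0.1 only against an IP entry in the SAN list, never against the CN.
        System.out.println("SANs:    " + leaf.getSubjectAlternativeNames());

        // null here means the exact server certificate is not in the trust store.
        System.out.println("Alias in trust store: " + trustStore.getCertificateAlias(leaf));

        // Run the default trust manager over the chain, as a TLS client would.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    ((X509TrustManager) tm).checkServerTrusted(x509, "RSA");
                    System.out.println("Chain is trusted by trustStore.jks");
                } catch (CertificateException e) {
                    System.out.println("Chain is NOT trusted: " + e);
                }
            }
        }
    }
}
```

If the chain is reported as trusted here while the Vert.x client still fails, the stores are not the problem and the cause lies elsewhere, for example in the path the verticle actually loads or in the host name used to connect.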