Cannot create SSL connection with Vertx server and client

Question

I am trying to test an SSL connection between a Vertx HttpServer and HttpClient. Because I don't have any certificates, I created some self-signed certificates like this:

keytool -genkeypair -alias selfsigned -keyalg RSA -keystore keystore.jks -storepass pass -keysize 2048 -validity 360

I have generated a public certificate as such:

keytool -export -alias selfsigned -keystore keystore.jks -rfc -file public.cert

And then I

keytool -import -file public.cert -alias public -keystore trustStore.jks

Then I tried adding them as JksOptions to the Server and Client in any possible order I could imagine and all of them generate the same error on the client side:

> Future{cause=Failed to create SSL connection}

I don't understand what I do wrong and as much as I read about keystores and truststores, any combination didn't work for my program. If I set the client as trustAll(true), the connection happens successfully.

Here are the settings for the server and the client:

    HttpServerOptions httpServerOptions = new HttpServerOptions();
    JksOptions options = new JksOptions();
    options
        .setPassword("pass")
        .setPath("src/main/resources/file/keystore.jks");
    httpServerOptions
        .setSsl(true)
        .setKeyStoreOptions(options);

    HttpClientOptions httpClientOptions = new HttpClientOptions();
    JksOptions options = new JksOptions();
    options
        .setPassword("pass")
        .setPath("src/main/resources/file/trustStore.jks");
    HttpClient client = vertx.createHttpClient(httpClientOptions
            .setSsl(true)
            .setTrustStoreOptions(options)
    );

The code above appears in 2 separate Verticles and is run separately. What could be the issue?

  • I have checked and the certificate does appear both in the keystore and truststore
  • The CN = localhost, because ultimately my client websocket does the following: client.webSocket(8080, "127.0.0.1",...
  • I tried setting .setVerifyHost(false), same result
  • I have tried the solutions in the other questions and they didn't work

Answer 1

Score: 1

Here are the steps needed to create self-signed certificates and to use them in vertx.
Preparing keystore:

keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks

keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

Here is vertx code:

vertx.createHttpServer(new HttpServerOptions()
                .setSsl(true)
                .setKeyStoreOptions(new JksOptions().setPassword("changeit")
                        .setPath("keystore.jks")))
                .requestHandler(req -> req.response().end("Hello!"))
                .listen(9999, "127.0.0.1");

HttpClient client = vertx.createHttpClient(new HttpClientOptions()
                .setVerifyHost(false)
                .setSsl(true)
                .setTrustStoreOptions(new JksOptions().setPassword("changeit")
                .setPath("keystore.jks")));
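
A stand-alone check of the two stores from the question, added here as an example (it is not code from the original post, the answer, or Vert.x). It uses only `java.security.KeyStore`, needs Java 9+, and assumes the paths, password and alias shown in the question.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added diagnostic, not part of the original post. Paths, password and alias
// are the ones shown in the question; requires Java 9+ for getInstance(File, char[]).
public class TlsStoreCheck {
    static final String DIR = "src/main/resources/file/";
    static final String ALIAS = "selfsigned";

    public static void main(String[] args) throws Exception {
        char[] pass = "pass".toCharArray();
        // getInstance(File, char[]) detects the store format instead of assuming JKS.
        KeyStore keyStore = KeyStore.getInstance(new File(DIR + "keystore.jks"), pass);
        KeyStore trustStore = KeyStore.getInstance(new File(DIR + "trustStore.jks"), pass);
        System.out.println("keystore type:   " + keyStore.getType());
        System.out.println("truststore type: " + trustStore.getType());

        // 1. The server side needs a private-key entry, not only a certificate.
        if (!keyStore.isKeyEntry(ALIAS)) {
            System.out.println("no private key under alias " + ALIAS);
            return;
        }
        X509Certificate serverCert = (X509Certificate) keyStore.getCertificate(ALIAS);

        // 2. The client side must hold this exact certificate as a trust anchor.
        String trustedAs = trustStore.getCertificateAlias(serverCert);
        System.out.println("trusted under alias: " + trustedAs + " (null = not trusted)");

        // 3. An expired or not-yet-valid certificate fails the handshake as well.
        serverCert.checkValidity();

        // 4. Names the client can match when host verification is enabled.
        System.out.println("subject: " + serverCert.getSubjectX500Principal().getName());
        Collection<List<?>> sans = serverCert.getSubjectAlternativeNames();
        System.out.println("subjectAltNames: " + (sans == null ? "none" : sans));
    }
}
```

If step 2 prints null, the client has no trust anchor for the server certificate; importing that certificate into the trust store fixes this while keeping validation on, unlike trustAll(true), which disables certificate validation entirely.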

huangapple
  • Posted on 2020-09-22 22:30:44
  • When reposting, please keep the link to this article: https://go.coder-hub.com/64011933.html