我无法使用SSL配置Dropwizard ..
按如下方式创建密钥/证书:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -days 365 -out server.crt -x509
keytool -import -file server.crt -keystore keystore.jks
我已将生成的keystore.jks与我的配置文件(yml)放在一起。 我的配置文件的http条目为:
http:
port: 8443
connectorType: nonblocking+ssl
ssl:
keyStore: ./keystore.jks
keyStorePassword: XXXXXX
启动服务器。设置例外:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1290) ~[na:1.7.0_51]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) ~[na:1.7.0_51]
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1177) ~[na:1.7.0_51]
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1149) ~[na:1.7.0_51]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.7.0_51]
有人可以帮我解决这个问题吗?
答案 0 :(得分:4)
发送请求时会发生这种情况 使用以下步骤重新创建密钥库并且它正常工作。
openssl pkcs12 -export -name myservercert -in cert.pem -inkey privkey.pem -out keystore.p12
keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
答案 1 :(得分:0)
在dropwizard配置(yml文件)中添加类似于下面的内容。
connector:
type: https
port: 8443
keyStorePath: /path/to/ssl/directory/keystore.jks
keyStorePassword: changeme
trustStorePath: /path/to/jre/lib/security/cacerts
certAlias: selfsigned
答案 2 :(得分:-2)
添加到您的配置文件(DW 0.7.1)并删除您不需要的内容:
adminConnectors:
- type: http
port: 8081
- type: https
port: 8444
keyStorePath: config/unsecure.keystore
keyStorePassword: password
validateCerts: true
headerCacheSize: 512 bytes
outputBufferSize: 32KiB
maxRequestHeaderSize: 8KiB
maxResponseHeaderSize: 8KiB
inputBufferSize: 8KiB
idleTimeout: 30 seconds
minBufferPoolSize: 64 bytes
bufferPoolIncrement: 1KiB
maxBufferPoolSize: 64KiB
acceptorThreads: 1
selectorThreads: 2
acceptQueueSize: 8
reuseAddress: true
soLingerTime: 345s
useServerHeader: true
useDateHeader: true
useForwardedHeaders: true