1
votes

I am trying to achieve SSL connectivity between server and client using Vert.x. I have generated a server certificate and stored it in a keystore, extracted the cert from the keystore and imported it into a truststore. But when I try to connect the server to the client, I get the error below: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

I have kept the generated keystore.jks and truststore.jks in a separate folder, and I am referring to this location in my code.

Using Vert.x I have done the below. Server code:

HttpServer server = vertx.createHttpServer(new HttpServerOptions()
    .setSsl(true)
    .setKeyStoreOptions(new JksOptions()
        .setPath("C:\\Desktop\\keystore.jks")
        .setPassword("xxxxx")));
// Creating HttpServer
server.requestHandler(router::accept).listen((int) configs.get(Constants.PORT));

Client code:

WebClientOptions options = new WebClientOptions();
options.setKeepAlive(config().getBoolean("webClient.keepAlive", true));
options.setMaxPoolSize(config().getInteger("webClient.maxPoolSize", 200));
options.setSsl(true);
options.setTrustStoreOptions(new JksOptions()
    .setPath("C:/Desktop/truststore.jks")
    .setPassword("xxxxx"));
WebClient webClient = WebClient.create(vertx, options);

Server side:

io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)

Client side:

Caused by: java.security.cert.CertificateException: No name matching localhost found
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
1
Have you tried disabling hostname verification? - tsegismont

1 Answer

0
votes

I was trying to call the server API with hostname localhost. But while generating the certificate I had given something else as the CN. When I tried calling the API using the same CN, it worked fine.
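
A way to confirm this kind of mismatch while leaving hostname verification enabled, as an added example that is not part of the original question or answer: the class below lists the names each certificate in a JKS store is issued for and reports whether the host the client connects to is among them. The class name `CertNameCheck` and its command-line arguments are assumptions made for the illustration, and the name comparison is a simplified exact match.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added diagnostic (hypothetical class, not from the original post).
public class CertNameCheck {
    // Collects dNSName (type 2) and iPAddress (type 7) SAN entries; uses the subject
    // CN only when there are none (simplified form of the SAN-before-CN rule).
    static List<String> namesFor(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if absent
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == 2 || type == 7) names.add(san.get(1).toString());
            }
        }
        if (names.isEmpty()) {
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if (rdn.getType().equalsIgnoreCase("CN")) names.add(rdn.getValue().toString());
            }
        }
        return names;
    }

    // Usage: java CertNameCheck <store.jks> <password> <host the client connects to>
    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            List<String> names = namesFor((X509Certificate) c);
            // Exact, case-insensitive comparison only; wildcard names are not expanded here.
            boolean ok = names.stream().anyMatch(n -> n.equalsIgnoreCase(args[2]));
            System.out.println(alias + " -> " + names + (ok ? " covers " : " does NOT cover ") + args[2]);
        }
    }
}
```

If the host is not covered, either connect using a name the certificate lists, as the answer did, or reissue the certificate with that name included (keytool's `-genkeypair` accepts `-ext SAN=dns:localhost`).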