Grails 3.3.5 with SSL certificate

0
votes

I have _client-cert.pem and client-key.pem and ca.pem files which I am trying to add to my grails project.

I used following commands :

Convert client keys/certificate files to PKCS#12 before creating a keystore

openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem \ 
-name “mysqlclient” -passout pass:mypassword -out client-keystore.p12

  1. Create a Java Keystore using the client-keystore.p12 file

    keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 \ -srcstorepass mypassword -destkeystore keystore -deststoretype JKS -deststorepass mypassword

Then Modified my application.yml file with that path :

enabled: true
key-store: /..../proxreg
key-store-password:kjsfghsfjlhgl
keyStoreType: pkcs12
keyAlias: tomcat

I was wondering if I am missing any step or what am I doing wrong. I am getting access denied error but when I try to connect thro mysql wokbench it works

1
sslgrailskeystore
Is this the exact indenting you are using for the application.yml? If so, the problem is most likely there.cfrick

1 Answers

0
votes

You can generate a self-signed certificate using the openssl command-line utility.

We can use openssl's req command to create a self-signed certificate:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Above will prompt you to supply metadata about the certificate, such as Country, Organization, etc. Moreover, it will ask you to provide a PEM pass phrase. Enter a random password and keep it safe; we will need in the next step.

Now you have you self-signed certificate. Unfortunately Grails (and Spring Boot) doesn’t support the PEM format directly. Instead, we need to use the PKCS12 format for our keys. Fortunately, there is another openssl command to make the conversion:

openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 -name tomcat -caname root

Update grails-app/conf/application.yml with the following lines:

server:
    port: 8443
    ssl:
        keyStore: /certificates/keystore.p12
        keyStorePassword: secret
    #    keyAlias: tomcat

Above all worked fine with me. for more information please refer this and this

Hope this will help you.