SSL support in Netty IO Through Custom Certificate

Question

I am trying to support SSL on Netty version 4.0.23.Final.

I referred to the sample examples provided by Netty - NettyHTTPSnoop

And it is working fine

However, I need to support it through my custom generated certificate. So, I used following openssl command for generating certificate -

D:\Program_Files\OpenSSL-Win64\bin>openssl req -x509 -keyout abc.key -out xyz.csr -newkey                  rsa:2048 -config D:\Program_Files\OpenSSL-Win64\bin\openssl.cfg
WARNING: can't open config file: /usr/local/ssl/openssl.cnf 
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
..+++
...........+++
writing new private key to 'abc.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:---
State or Province Name (full name) [Some-State]:--
Locality Name (eg, city) []:----
Organization Name (eg, company) [Internet Widgits Pty Ltd]:----
Organizational Unit Name (eg, section) []:----
Common Name (e.g. server FQDN or YOUR name) []:-----
Email Address []:------

And I updated my ChannelInitializer as following -

public class ProxyClientChannelInitializer extends
    ChannelInitializer<SocketChannel> {

@Override
protected void initChannel(SocketChannel ch) throws Exception {

    SelfSignedCertificate ssc = new SelfSignedCertificate();
 //  SslContext sslCtx = SslContext.newServerContext(ssc.certificate(), ssc.privateKey());


    SslContext sslCtx = SslContext.newServerContext(new File(
            "./key/xyz.csr"), new File("./key/abc.key"),"password");

    ch.pipeline().addLast(sslCtx.newHandler(ch.alloc()));

    ch.pipeline().addLast(new LoggingHandler(LogLevel.INFO));

    ch.pipeline().addLast(
            "codec",
            new HttpServerCodec(Integer.MAX_VALUE, Integer.MAX_VALUE,
                    Integer.MAX_VALUE));

    ch.pipeline().addLast("aggregator",
            new HttpObjectAggregator(Integer.MAX_VALUE));

    ch.pipeline().addLast(new ProxyClientChannelHandler());

}
}

When I run my program, I got following error -

io.netty.channel.ChannelInitializer channelRegistered
WARNING: Failed to initialize a channel. Closing: [id: 0x90e8990c, /192.168.56.1:58340 =>    /192.168.56.1:8088]
javax.net.ssl.SSLException: failed to initialize the server-side SSL context
   at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:187)
   at io.netty.handler.ssl.SslContext.newServerContext(SslContext.java:189)
   at io.netty.handler.ssl.SslContext.newServerContext(SslContext.java:99)
at     test.example.netty.proxy.ProxyClientChannelInitializer.initChannel(ProxyClientChannelInitializer.java:31)
at test.example.netty.proxy.ProxyClientChannelInitializer.initChannel(ProxyClientChannelInitializer.java:1)
at io.netty.channel.ChannelInitializer.channelRegistered(ChannelInitializer.java:69)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:158)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRegistered(AbstractChannelHandlerContext.java:144)
at io.netty.channel.DefaultChannelPipeline.fireChannelRegistered(DefaultChannelPipeline.java:732)
at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:442)
at io.netty.channel.AbstractChannel$AbstractUnsafe.access$100(AbstractChannel.java:374)
at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:418)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:380)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:357)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.5.13 SecretKeyFactory not available
at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:121)
at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:159)
at io.netty.handler.ssl.JdkSslServerContext.generateKeySpec(JdkSslServerContext.java:231)
at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:148)
... 16 more

I do not know where is my mistake whether certificate is not properly generated or problem is in code. Please help me to resolve it. I search about it on Google but nothing seems working.

Answer 1

For other's reference, I am also writing the command that I used for creating key in pkcs8 format -

openssl pkcs8 -topk8 -inform PEM -outform PEM -in abc.key -out abc.pem

Answer 2

If you are directly passing in a key it needs to be in pkcs8 format as defined in the Netty docs.