Ferdoran
Reputation: 71
Secure Grizzly HttpServer (HTTPS)
Currently I Have a problem getting my Grizzly Server to run with HTTPS. I am using it in combination with Jersey.
Grizzly Version is: 2.3.23
Jersey version: 2.24.1
Here is how I start the server:
public class Main {
public static final String BASE_URI = "https://localhost:8443/api/";
private static final String KEYSTORE_LOC = "I:\\rest-api\\keystore";
//private static final String KEYSTORE_LOC = "./server.cert";
private static final String KEYSTORE_PASS= "somepw123";
public static HttpServer startServer() {
final ResourceConfig rc = new ResourceConfig()
.register(MultiPartFeature.class)
.packages("com.restapi");
SSLContextConfigurator sslCon = new SSLContextConfigurator();
sslCon.setKeyStoreFile(KEYSTORE_LOC);
sslCon.setKeyStorePass(KEYSTORE_PASS);
return GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc, true,new SSLEngineConfigurator(sslCon).setClientMode(false).setNeedClientAuth(false));
}
The keystore file was generated with keytool:
keytool -genkey -keystore ./keystore -alias serverKey -dname
When I try to open the URL my browser tells me:
localhost unexpectedly closed the connection
Thank you for your help!
Upvotes: 3
Views: 2776
Answers (1)
Ferdoran
Reputation: 71
Fixed the issue by adding a Truststore file as well.
Code looks like this now:
public class Main {
public static final String BASE_URI = "https://localhost:8443/api/";
private static final String KEYSTORE_LOC = "./keystore_server";
private static final String KEYSTORE_PASS= "keystorePass";
private static final String TRUSTSTORE_LOC = "./truststore_server";
private static final String TRUSTSTORE_PASS = "truststorePass";
private static HttpServer startServer() {
final ResourceConfig rc = new ResourceConfig()
.register(MultiPartFeature.class)
.packages("com.restapi");
SSLContextConfigurator sslCon = new SSLContextConfigurator();
sslCon.setKeyStoreFile(KEYSTORE_LOC);
sslCon.setKeyStorePass(KEYSTORE_PASS);
sslCon.setTrustStoreFile(TRUSTSTORE_LOC);
sslCon.setTrustStorePass(TRUSTSTORE_PASS);
return GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc, true,new SSLEngineConfigurator(sslCon).setClientMode(false).setNeedClientAuth(false));
}
Key- and truststore file created with these commands:
keytool -genkey -keyalg RSA -keystore ./keystore_client -alias clientKey
keytool -export -alias clientKey -rfc -keystore ./keystore_client > ./client.cert
keytool -import -alias clientCert -file ./client.cert -keystore ./truststore_server
keytool -genkey -keyalg RSA -keystore ./keystore_server -alias serverKey
keytool -export -alias serverKey -rfc -keystore ./keystore_server > ./server.cert
keytool -import -alias serverCert -file ./server.cert -keystore ./truststore_client
Upvotes: 3
Related Questions
- SSL with Grizzly and Jersey
- How to setup basic Jersey/Grizzly 2.21 SSL startup configuration
- Rest API SSL With certs signed by ca
- Basic HTTP authentication with Jersey / Grizzly
- GrizzlyHttpServerFactory.createHttpServer @GET with parameters
- Grizzly with TLS - Handshaking issue
- Embedded Java HTTPS server for integration testing
- SSL-REST-server with grizzly, ResourceConfig instance does not contain any root resource classes
- Jersey restful web service on grizzly server, client javascript
- Enable Grizzly to perform JaaS simple HTTP AUTH