Reputation: 333
I'm trying to access my Spring Boot application running on Netty via HTTPS on localhost, using a self-signed certificate on the server side.
My application.properties looks like this:
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=test.jks
server.ssl.key-store-password=password
server.ssl.key-alias=testkey
I've generated the keystore via:
keytool -genkeypair -alias testkey -keyalg RSA -keysize 4096 -keystore test.jks -validity 36500
I'm getting the following error:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
I tried importing the certificate into the JDK truststore, and even into the OS, but the result is still the same. One source suggested naming the key alias "testkey" to make it work, which didn't work either. Since there are no other mentions of this error on Google, I'm hoping you could help.
Upvotes: 2
Views: 4525
Reputation: 985
Extending @Peter's answer:
Download an mkcert release from https://github.com/FiloSottile/mkcert/releases or build it directly from source.
On Windows, to generate a self-signed cert in p12 format:
mkcert-v1.4.1-windows-amd64.exe -pkcs12 -p12-file self-signed-cert.p12 localhost 127.0.0.1 ::1
And add the following configuration to Spring Boot's properties file:
server.ssl.key-store=classpath:self-signed-cert.p12
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
Note: use classpath if you are adding self-signed-cert.p12 in the resources folder. If you want to run it from a specific location, use server.ssl.key-store=./self-signed-cert.p12
Upvotes: 1
Reputation: 333
I managed to solve it by generating a locally valid cert with https://github.com/FiloSottile/mkcert
Upvotes: 1
Reputation: 2282
This server.ssl.key-store=test.jks specifies that your test.jks is located in the root folder of your project, so check whether it is really there.
If you have this file somewhere else in the class path, you can use the classpath scheme to specify the location of the file, i.e. server.ssl.key-store=classpath:<path-to-the-file>/test.jks
Upvotes: 0
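A diagnostic for the checks the answers above describe, as an added example that is not part of any post in this thread: it loads the keystore named in the server.ssl.* properties and reports whether the file resolves, whether the alias holds a key entry, whether the certificate is self-signed, and which subjectAltName entries it carries. The class name KeystoreCheck is hypothetical, and JDK 11 or later is assumed.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added diagnostic, not code from the thread. Run it from the directory the app is started in:
//   java KeystoreCheck.java test.jks password testkey
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreCheck <key-store> <key-store-password> <key-alias>");
            System.exit(2);
        }
        Path path = Path.of(args[0]);
        // A relative path is resolved against the working directory of this process.
        System.out.println("resolved path: " + path.toAbsolutePath());
        if (!Files.isReadable(path)) {
            System.out.println("FAIL: keystore file not found or not readable");
            System.exit(1);
        }
        // The File-based getInstance overload (JDK 9+) detects JKS vs PKCS12 itself.
        KeyStore ks = KeyStore.getInstance(path.toFile(), args[1].toCharArray());
        if (!ks.isKeyEntry(args[2])) {
            System.out.println("FAIL: no private-key entry under alias '" + args[2] + "'");
            System.exit(1);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        System.out.println("subject: " + cert.getSubjectX500Principal());
        System.out.println("issuer:  " + cert.getIssuerX500Principal());
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println(selfSigned
            ? "NOTE: self-signed; a client rejects it unless this certificate is in the trust store it uses"
            : "NOTE: issued by a CA; a client needs that CA in the trust store it uses");
        // SAN entries are [type, value] pairs: type 2 = dNSName, type 7 = iPAddress.
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            System.out.println("WARN: no subjectAltName; clients that match the host only against SANs will reject it");
        } else {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                String kind = type == 2 ? "DNS" : type == 7 ? "IP" : "type " + type;
                System.out.println("SAN " + kind + ": " + san.get(1));
            }
        }
    }
}
```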