Re: [jetty-users] ssl setup

Most likely your client certificate is self-signed.  This won't work.
> javax.net.ssl.SSLException: Received fatal alert: unknown_ca
Your certificate authority (CA) must sign the client cert.  The CA's certificate (not private key) should be the only thing in your truststore.


From: Miten Mehta <Miten.Mehta@xxxxxxxxxxxxxxxxx>
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Sent: Mon, January 17, 2011 7:45:38 AM
Subject: [jetty-users] ssl setup

Hi,

I have c:\working\mykeystore\.jetty_keystore, in which I created and imported a certificate using openssl and the commands from
http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

The keystore imported the pkcs12 as an entry with alias 1, so I changed it to alias jetty.  I am trying clear-text passwords, but I am just doing things locally on a PC.

The keystore is the only keystore I have set up, and I have jetty-ssl.xml as below:
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="AcceptQueueSize">100</Set>
      <Set name="Keystore">C:/working/mykeystore/.jetty_keystore</Set>
      <Set name="Password">storePass123</Set>
      <Set name="KeyPassword">password</Set>
      <Set name="truststore">C:/working/mykeystore/.jetty_keystore</Set>
      <Set name="trustPassword">storePass123</Set>
    </New>
  </Arg>
</Call>


Is it a problem that both keystore and truststore are the same?

I get the below in the jetty logs:

2011-01-17 17:57:54.500:INFO::Started SslSelectChannelConnector@0.0.0.0:8443
2011-01-17 17:57:54.500:DBUG::STARTED SslSelectChannelConnector@0.0.0.0:8443
org.eclipse.jetty.server.Server@9e5c73 STOPPED
 +-DebugHandler@4fc156 started
    +-HandlerCollection@1a06e38 started
       +-ContextHandlerCollection@2200d5 started
       +-DefaultHandler@64ab4d started

2011-01-17 17:57:54.500:DBUG::STARTED org.eclipse.jetty.server.Server@9e5c73
2011-01-17 17:57:54.921:DBUG::loaded class org.eclipse.jetty.io.nio.SelectorManager$SelectSet$2 from ContextLoader@Test WebApp([file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/classes/, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-client-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-continuation-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-http-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-io-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-servlets-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-util-7.1.4.v20100610.jar]) / StartLoader[file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/com.sun.el_1.0.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/ecj-3.6RC4.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.el_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp.jstl_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/jetty-jsp-2.1-7.1.4.v20100610.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.jasper.glassfish_2.1.0.v201004190952.jar, 
file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/resources/]
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:2856]
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:00:17.955:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1419
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1419/1419
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-17 18:00:18.095:WARN::javax.net.ssl.SSLException: Received fatal alert: unknown_ca
2011-01-17 18:00:18.095:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:00:18.095:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:00:18.095:DBUG::EOF org.eclipse.jetty.io.EofException
2011-01-17 18:00:55.096:DBUG::org.eclipse.jetty.io.nio.SelectorManager$SelectSet@bd09e8 JVM BUG(s) - cancelled keys 1 times
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:2884]
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1419
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1419/1419
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-17 18:05:24.833:WARN::javax.net.ssl.SSLException: Received fatal alert: access_denied
2011-01-17 18:05:24.833:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: access_denied
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:05:24.833:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: access_denied
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:05:24.833:DBUG::EOF org.eclipse.jetty.io.EofException


Regards,

Miten
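
The arrangement the reply at the top describes (a CA signs the client certificate, and the truststore holds only the CA's certificate), as an added example that is not part of the original thread. All file names, subject names and the changeit password are constructed for the demo; it assumes openssl is on the PATH, and keytool only for the optional truststore step.

```shell
#!/bin/sh
# Added example. All names, subjects and passwords are constructed for the demo.
set -eu

# Create a test CA, a client cert signed by that CA, and a self-signed client cert.
make_demo_pki() {
    dir=$1
    mkdir -p "$dir"
    # 1. CA key and self-signed CA certificate: this is the trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Client key and CSR; the CA then signs the CSR.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null
    # 3. For contrast, a client certificate that signs itself.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-selfsigned" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null
}

# Exit status 0 only when certificate $2 chains to CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Truststore holding only the CA certificate (no private key). Needs a JDK.
make_truststore() {
    keytool -importcert -noprompt -alias demo-ca -file "$1/ca.crt" \
        -keystore "$1/truststore.jks" -storepass changeit
}

demo=$(mktemp -d)
make_demo_pki "$demo"
chains_to_ca "$demo/ca.crt" "$demo/client.crt" && echo "CA-signed client cert: chains to CA"
chains_to_ca "$demo/ca.crt" "$demo/self.crt" || echo "self-signed client cert: no chain to CA"
```

With a JDK installed, make_truststore "$demo" writes truststore.jks containing only the CA certificate, which is the file a connector's truststore setting would point at.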


