Hi Sanchit, I'd agree with Douglas - I tried to get SSL working with GoDaddy's certs - and just couldn't get it working. When I went to LetsEncrypt it all worked much more cleanly and the instructions also worked. I'm now hosting successfully using SSL on an AWS instance using LetsEncrypt certs. The script I developed to process the certs into my keystore (if it helps) is as follows:

# Download, then run LetsEncrypt's certbot to generate the certs.
# Note that port 443 redirection needs to be switched off temporarily - this is a feature of my AWS instance and may not be required for you, but you might need to turn off
# any redirection if you have it enabled to allow certbot to work
sudo iptables -t nat -L --line-numbers   # to list
sudo iptables -t nat -D PREROUTING 2   # choosing the right line number to delete
sudo iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443   # puts it back in after certbot has run
./certbot-auto certonly -w . -d schej.co.uk -d www.schej.co.uk
# Will put the certs somewhere so read the logs. Copy the certs from that location to a new folder, and cd to it.
# From there, run
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out fullchain_and_key.p12 -name dw -caname root
# the passwords asked for are new ones (passwords) to create and secure the store
keytool -importkeystore -deststorepass YourMasterPassword -destkeypass YourMasterPassword -destkeystore MyKeystore.jks -srckeystore fullchain_and_key.p12 -srcstoretype PKCS12 -alias dw
# this creates the new store - using the password from the first step above - change the 'MyKeystore' and 'YourMasterPassword' as necessary
keytool -import -trustcacerts -alias root -file fullchain.pem -keystore MyKeystore.jks
# this adds the cert chain back in - SSL should now be set up

Chris

On Tuesday, 26 January 2016 08:21:00 UTC, Sanchit Khattry wrote:
>
> I am trying to set up SSL in my Dropwizard
> <http://www.dropwizard.io/0.9.2/docs/> server. I have got my SSL from
> GoDaddy and have received a couple of files from them namely:
>
>    1. gd_bundle-g2-g1.crt
>    2. b78*********.crt (basically a file named like a random string)
>
> I have added the *gd_bundle-g2-g1.crt* certificate with alias *root* in
> my keystore and have added the other one with my domain alias.
>
> My .yml configuration file looks like this: (I have just pasted the
> relevant section of the .yml file)
>
> server:
>   applicationConnectors:
>   - type: http
>     port: 8080
>   - type: https
>     port: 8443
>     keyStorePath: keystore/myKeyStore.jks
>     keyStorePassword: "myPassword"
>     validateCerts: true
>
>   adminConnectors:
>   - type: http
>     port: 8081
>
> The problem is that whenever I am trying to launch my server I am
> receiving the following error:
>
> java.lang.IllegalStateException: Unable to retrieve certificate chain
>
> When I set the *validateCerts* as false in the .yml above then, for
> obvious reasons, this error goes away but when I try to access the URL I
> get: Connection closed error when trying to access the URL
> <http://i.stack.imgur.com/ct1aP.png>
>
> I seem to be stuck real bad. My server is working perfectly with http but
> https just doesn't work! :( Given my end goal of making https work and my
> current scenario, I have the following questions:
>
>    1. Am I handling the certificate files incorrectly?
>    2. Is there something missing in my .yml file that needs to be added
>    or is there something wrong there?
>    3. Or is it something that I am missing from this picture altogether?
>
> Appreciate your help! :-)
>
> PS: I have asked the same question in stackoverflow
> <http://stackoverflow.com/questions/35002780/setting-up-ssl-in-dropwizard>
> and followed the comment by Austin but even that didn't seem to work.
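
Added example (not part of the thread, and not Dropwizard's or keytool's own code): a pre-flight check over `keytool -list` output that separates a keystore holding only imported certificates (trustedCertEntry) from one holding a private key with its chain (PrivateKeyEntry), which is what the importkeystore step in the reply above creates under alias dw. The helper name check_keystore_listing is hypothetical and both listings are constructed samples.

```bash
#!/bin/sh
# Added example, not from the thread. check_keystore_listing is a hypothetical helper.
# Reads `keytool -list` text on stdin, prints "alias<TAB>type" for every entry and
# returns 0 only if at least one PrivateKeyEntry (private key + chain) is present.
check_keystore_listing() {
  awk '
    # Entry lines look like: "dw, Jan 26, 2016, PrivateKeyEntry,"
    /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t]*$/ {
      line = $0
      sub(/,[ \t]*$/, "", line)       # drop the trailing comma
      n = split(line, f, /, */)       # alias is the first field, type the last
      printf "%s\t%s\n", f[1], f[n]
      if (f[n] == "PrivateKeyEntry") keys++
    }
    END { exit (keys > 0 ? 0 : 1) }
  '
}

# Constructed listing: two certificates added with `keytool -import`, no key.
CERTS_ONLY='Keystore type: JKS
Your keystore contains 2 entries

root, Jan 26, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)
mydomain, Jan 26, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)'

# Constructed listing: PKCS12 bundle imported as alias dw, chain added as root.
WITH_KEY='Keystore type: JKS
Your keystore contains 2 entries

dw, Jan 26, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed)
root, Jan 26, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)'

for sample in "$CERTS_ONLY" "$WITH_KEY"; do
  if printf '%s\n' "$sample" | check_keystore_listing; then
    echo "=> OK: key entry present"
  else
    echo "=> FAIL: certificates only, no private key for the https connector"
  fi
done
# Real use (file name as in the reply above):
#   keytool -list -keystore MyKeystore.jks | check_keystore_listing
```

For an alias that is not a key entry, Java's KeyStore.getCertificateChain returns null, so a keystore that fails this check has no certificate chain for the https connector to present.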
