
Setting up SSL in Dropwizard



I am trying to set up SSL in my Dropwizard server. I have got my SSL from GoDaddy and have received a couple of files from them namely:

  1. gd_bundle-g2-g1.crt
  2. b78*********.crt (basically a file named like a random string)

I have added the gd_bundle-g2-g1.crt certificate with alias root in my keystore and have added the other one with my domain alias.

My .yml configuration file looks like this: (I have just pasted the relevant section of the .yml file)

server:
  applicationConnectors:
  - type: http
    port: 8080
  - type: https
    port: 8443
    keyStorePath: keystore/myKeyStore.jks
    keyStorePassword: "myPassword"
    validateCerts: true

  adminConnectors:
  - type: http
    port: 8081

The problem is that whenever I am trying to launch my server I am receiving the following error:

java.lang.IllegalStateException: Unable to retrieve certificate chain

When I set validateCerts to false in the .yml above then, for obvious reasons, this error goes away, but when I try to access the URL I get a "Connection closed" error.
I seem to be stuck real bad. My server is working perfectly with http but https just doesn't work! :( Given my end goal of making https work and my current scenario, I have the following questions:

  1. Am I handling the certificate files incorrectly?
  2. Is there something missing in my .yml file that needs to be added or is there something wrong there?
  3. Or is it something that I am missing from this picture altogether?

Appreciate your help.


Solution

  • The issue is finally resolved! Here is how I got it to work (hope this helps anyone who is having a hard time figuring out how to make SSL work with Dropwizard)

    1. Firstly I had to concatenate the contents of b78*********.crt and gd_bundle-g2-g1.crt (make sure that the contents of the b78*********.crt are before the other file). Let's refer to that file as all_combined.crt from now.
    2. Then I had to run this command to generate a .p12 file:

    C:\xampp\apache\bin>openssl.exe pkcs12 -export -in all_combined.crt -inkey myKey.key -out keystore.p12 -CAfile temp.crt

    myKey.key is the file that you must have created while generating the CSR to request the SSL from the authority.

    3. Then I had to run this command to include the above generated .p12 into my keystore:

    C:\Program Files\Java\jdk1.8.0_65\bin\keystore>..\keytool.exe -importkeystore -srckeystore keystore.p12 -destkeystore myKeyStore.jks -srcstoretype pkcs12 -deststoretype jks

    That's all that is required in the keystore.

    4. Finally I made a slight change in the .yml file:

    server:
      applicationConnectors:
      - type: http
        port: 8080
      - type: https
        port: 8443
        keyStorePath: ./keystore/myKeyStore.jks
        keyStorePassword: "myPassword"
        validateCerts: false
        validatePeers: false
    

    Note that I have set the validateCerts and validatePeers to false. Then I just restarted my Dropwizard server and everything started working as expected and my server was listening and responding to port 8443! :-)

    PS: I am not 100% sure what each step does or whether each of these is required. But after searching for hours and hours I've finally got something to work and would definitely read about the details of this later when I have some time. Till then, hope this unblocks someone who's stuck on it.
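
Step 1 of the answer above depends on the server certificate coming first in all_combined.crt, and step 2 on myKey.key being the key for that certificate. The shell functions below check both before the .p12 is built. This is an added example, not part of the original answer: the function names and the generated sample certificates (a throwaway root CA and a leaf for example.test) are constructed for illustration, and it assumes a POSIX shell with openssl on the PATH.

```shell
# Split bundle $1 into $2/cert-N.pem files; prints the number of certificates.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; on = 1 }
        on { print > out }
        /-----END CERTIFICATE-----/ { on = 0; close(out) }
        END { print n + 0 }' "$1"
}

# Returns 0 when every certificate is issued by the one that follows it.
check_chain_order() {
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$tmp"); rc=0; i=1
    [ "$count" -ge 1 ] || rc=2
    while [ "$i" -lt "$count" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem")
        parent=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$((i + 1)).pem")
        if [ "$issuer" != "$parent" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Returns 0 when key $2 belongs to the first certificate in bundle $1.
key_matches_leaf() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 2
    key_pub=$(openssl pkey -pubout -in "$2") || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: a throwaway root CA and a leaf for example.test in dir $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/leaf.crt" 2>/dev/null
}

# Demo on the constructed sample: leaf first, then the issuing CA.
d=$(mktemp -d) && make_sample "$d" && cat "$d/leaf.crt" "$d/ca.crt" > "$d/all_combined.crt" &&
    check_chain_order "$d/all_combined.crt" && key_matches_leaf "$d/all_combined.crt" "$d/leaf.key" &&
    echo "bundle order and key OK"
```

With the answer's file names the calls would be `check_chain_order all_combined.crt` and `key_matches_leaf all_combined.crt myKey.key`; a non-zero exit status from either means the bundle or key should be fixed before running the pkcs12 export.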