我用我的SSL证书来自第三方 - 我用下面的命令要使用SSL-Config还是SSLContext?在阿卡的Http SSL的Java
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
我已经提到阿卡HTTPS支持文档和编码创建的.p12密钥库以下
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
我的主文件的代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
现在我能够绑定到Akka Http,并且根本没有报告错误,但是我的https请求在服务器上被拒绝(并且它甚至没有达到akka/http--所以没有错误登录akka系统)并且http://domainName.in是工作正常。
问题:
我缺少上述任何步骤??
我只使用SSLContext - 是的,或者我还会使用SSLConfig吗?如果是的话 - 那么我应该如何使用SSLConfig,因为似乎没有给出适当的文档
- 通过keytool使用Java默认密钥库是否必要?因为我相信使用openssl生成的wtkeystore.p12文件也是一个密钥存储并且足够使用。
更新的代码1: 的建议:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
,并还确保防火墙/网络是开放的443端口,但 netstat的仍呈现为“ESTABLISHED”和我做状态telnet到它,这个端口连接然后关闭
当我调试我得到SSLConfig和其他对象为None,除SSLContext对象。这是正常吗?
您需要使用'Connect.toHostHttps'来创建一个HTTPS服务器。 – jrudolph