Grizzly Server canceled SSL handshaking

I have questions about using SSL with a self-signed certificate. I used this example: http://people.apache.org/~gmazza/restexamples/https-clientserver-grizzly

The unit test works fine. However, if I started the Grizzly server and tried to use curl to get resources, I got errors like:

curl -v https://localhost:8443/api/v1/hello
* Adding handle: conn: 0x7ff69b004400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7ff69b004400) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 8443 (#0)
*   Trying ::1...
*   Trying fe80::1...
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake


I am already adding the certificate to the system keychains, always trusting all categories. However, no browser can get the resource. Here is the error message I received from Chrome.

Unable to make a secure connection to the server. This might be a server issue, or you might need a client authentication certificate that you don't have. Error code: ERR_SSL_PROTOCOL_ERROR

Has anyone else faced the same problem?

ADD:

For curl, I generated a Java keystore and cert using keytool:

keytool  -genkey -keystore ./keystore_server -alias serverKey -dname "CN=localhost, OU=Jersey, O=Sun Microsystem, L=Prague, ST=Czech Republic, C=CZ"  
keytool -export -alias serverKey -rfc -keystore ./keystore_server > ./server.cert
openssl x509 -in server.cert -inform PEM -text -out server.pem 


Then I ran

curl -E server.pem -v https://localhost:8443/api/v1/hello -u "username:password"


However, I got the same error as before.

For browsers, I now have it working for Firefox and Chrome. However, I still have problems with Safari. I got an error message that says Safari cannot open the page because Safari cannot establish a secure connection to the server. Does anyone have any idea how I can make Safari happy?

+3




1 answer


However, if I start the grizzly server and try to use curl to get resources, I get errors like ...

cURL does not use the operating system keyring. The exception to the rule is if cURL is built against SecureTransport for iOS or OS X. See curl.1 man page and -E or --cert. And even so, it's not for trusted anchors.

If you have a specific CA that you would like to use to certify the server, you must specify it with the option --cacert. You can also specify a package cacert.pem with this option. See curl.1 man page.


Chrome ... Error Code: ERR_SSL_PROTOCOL_ERROR

This is another problem. Chrome uses the operating system keystore. See Chromium Projects' Root Certificate Policy.

To fix this, you can look at Getting Chrome to Accept Self Signed Localhost Certificate.

It might be a good idea to post a certificate with your question. Use the following to generate it (assuming it's PEM encoded):

openssl x509 -in <cert> -inform PEM -text -noout



Has anyone else faced the same problem?

Others may have run into the problem too.

+1
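
An added example (not from the question or the answer, and not using the asker's keystore): a self-signed certificate is rejected until that same certificate is supplied as the trust anchor, which is what curl's --cacert does and -E/--cert does not. The helper names, file names and the throwaway certificate are constructed for illustration, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example. All names and files here are constructed for illustration.
# Assumes OpenSSL 1.1.1 or newer on PATH; curl is only needed for curl_pinned.

# Create a throwaway self-signed certificate for CN=localhost in directory $1.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$1/key.pem" -out "$1/server.pem" >/dev/null 2>&1
}

# Print "trusted" if certificate $1 chains to the anchor file $2, else "untrusted".
# With no $2, only OpenSSL's default store is consulted, which is the position
# curl is in when no --cacert is given and the certificate is not in its bundle.
anchor_check() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 && echo trusted || echo untrusted
  else
    openssl verify "$1" >/dev/null 2>&1 && echo trusted || echo untrusted
  fi
}

# The curl call the answer points to: $1 is the PEM certificate to trust,
# $2 is the URL. -E/--cert is not used, because it selects a client certificate
# rather than a trust anchor.
curl_pinned() {
  curl --cacert "$1" -v "$2"
}
```

Against the setup in the question, the last helper would be called as curl_pinned server.pem https://localhost:8443/api/v1/hello once server.pem holds the exported server certificate.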

