Comments (33)
So finally I & @Hakky54 resolved the issue and it was something to do with classpath and truststore wasn't getting initialised properly. It got resolved after using the absolute path for store. More to it there were some other small problems but those got resolved in less time than the first one.
from mutual-tls-ssl.
Hi mpkmtv,
thank you, good to know that up till the last section everything worked out well for you.
Regarding your issue, the stack trace is complaining that one or both of the trustAnchors parameters are empty. Basically what it means is:
- The truststore is empty
- The password of the truststore is empty
- The truststore is not found, or
- The truststore couldn't be opened (due to access permissions for example).
Could you post your application.yml file of the client here?
from mutual-tls-ssl.
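The four causes listed in the comment above can be told apart with a small check, shown here as an added example that is not code from the mutual-tls-ssl project. The class name, the JKS store type and the `TRUSTSTORE_PASSWORD` environment variable are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;

public class TruststoreCheck {

    /** Returns a one-line diagnosis for the truststore at the given location. */
    static String diagnose(String location, char[] password) {
        // Resolve to an absolute path so a wrong working directory is visible in the output.
        Path path = Paths.get(location).toAbsolutePath();
        if (!Files.isRegularFile(path)) {
            return "NOT FOUND: " + path;
        }
        if (!Files.isReadable(path)) {
            return "NOT READABLE (check file permissions): " + path;
        }
        if (password == null || password.length == 0) {
            return "EMPTY PASSWORD: none supplied for " + path;
        }
        try (InputStream in = Files.newInputStream(path)) {
            KeyStore store = KeyStore.getInstance("JKS"); // assumption: JKS, as in truststore.jks
            store.load(in, password);
            int trusted = 0;
            for (String alias : Collections.list(store.aliases())) {
                // Only trusted certificate entries become trust anchors; key entries do not.
                if (store.isCertificateEntry(alias)) {
                    trusted++;
                }
            }
            if (trusted == 0) {
                return "NO TRUST ANCHORS: " + store.size() + " entries, none is a trusted certificate";
            }
            return "OK: " + trusted + " trusted certificate(s) in " + path;
        } catch (IOException | GeneralSecurityException e) {
            // A wrong password or a corrupt or unsupported file surfaces here.
            return "CANNOT OPEN: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // TRUSTSTORE_PASSWORD is a hypothetical variable name; it keeps the password off the command line.
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        System.out.println(diagnose(args.length > 0 ? args[0] : "truststore.jks",
                pw == null ? null : pw.toCharArray()));
    }
}
```

Run it from the same working directory as the failing client, since a relative truststore path resolves against that directory.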
I copied your properties to the corresponding application.yml file of the server and client on my machine and I am not getting an exception. Could you provide your stack-trace?
from mutual-tls-ssl.
It looks like an issue with the truststore within the client project. This specific exception could mean:
The truststore is:
- empty,
- not found, or
- couldn't be opened
The valid location for the truststore.jks and identity.jks are:
- mutuals-tls/client/src/test/resources/identity.jks
- mutuals-tls/client/src/test/resources/truststore.jks
Could you check the above options? If it is still not resolved, let's do a remote session so I can assist you instantly through a video call.
from mutual-tls-ssl.
This exception will be thrown if the certificate is untrusted by one of the sides. So it means that the certificate of the server is not in the truststore of the client or the other way around, so it could be that the certificate of the client is not in the truststore of the server. Could you reimport the certificate of the client into the truststore of the server and also reimport the certificate of the server into the truststore of the client and recompile and start the test again?
from mutual-tls-ssl.
Having the same root-ca certificate in both of the trust stores is fine.
The import message from your last comment doesn't look ok. It should have given you the following message: Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Could you please try again exactly all the steps from chapter Creating a Certificate Authority including the openssl commands.
Somehow exporting your identity certificate and signing it with the root-ca has not happened.
from mutual-tls-ssl.
Sure, add me at Discord and let's continue over there. My username is Hakky54#8471
from mutual-tls-ssl.
David and I did a remote video session and retried the steps described in the Readme and it worked with the first try. Looking at the exception what David had previously it could mean that the certificate was not trusted because it wasn't signed properly or wasn't trusted.
from mutual-tls-ssl.
Hey @Hakky54 , did you solve above issue with @mpkmtv ? I am also getting same issue and struggling with same.
from mutual-tls-ssl.
Yes we resolved the issue. We could not find the root cause but we started from scratch with the tutorial and followed everything step by step. So my assumption was that he missed a step in the tutorial back then. Can you try to run the script test-all-scenarios.sh file and share your results here?
from mutual-tls-ssl.
I checked your repo but you mentioned that Java 11 is must and I am on jdk 8 and I can't upgrade it.
from mutual-tls-ssl.
Yes we resolved the issue. We could not find the root cause but we started from scratch with the tutorial and followed everything step by step. So my assumption was that he missed a step in the tutorial back then. Can you try to run the script test-all-scenarios.sh file and share your results here?
do you have some time for video call?
from mutual-tls-ssl.
I am not available today and tomorrow, but from Sunday onwards I am available everyday for a call. Let's continue the chat on Gitter and discuss the next steps https://gitter.im/hakky54/mutual-tls-ssl
from mutual-tls-ssl.
Hi @sameer-dighe , I'm also getting same error like Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Could you please help me to resolve this error?
from mutual-tls-ssl.
- The truststore is empty
- The password of the truststore is empty
- The truststore is not found, or
- The truststore couldn't be opened (due to access permissions for example).
Hi @chetnajoshi889 your issue might be related to one of the options quoted above. Or your truststore does not contain the trusted certificates
from mutual-tls-ssl.
Hi @Hakky54 ,
I am also facing the same issue, tried all sorts of corrections but no luck.
Please assist me in solving this, have an urgent delivery to make and I am stuck on this point since past two days.
from mutual-tls-ssl.
Hi @rajatzeal
Can you maybe share some code snippets, then I will be able to understand how you setup your client with ssl.
from mutual-tls-ssl.
This is the basic setup for initialising Google chrome and its settings
from mutual-tls-ssl.
I can share my screen if you are available for a call, I’m really stuck with the issue and would appreciate your help
from mutual-tls-ssl.
I can understand your setup is not working. The ssl configuration of Selenium with the ChromeDriver is just not working with only the ChromeOptions. I would suggest to have a look at this stackoverflow answer here: https://stackoverflow.com/a/56170148/6777695
In the example above all https requests are getting intercepted and being executed alongside with your custom sslcontext.
The author has made his code snippet available here at GitHub: https://github.com/patricsteiner/seleniumSslProxy
I am fully booked today and tomorrow unfortunately, so I don't have time... But looking at the code snippet on that GitHub page I think you will get it working. Please give it a try and I still can try to assist you if you share your progress over here.
from mutual-tls-ssl.
Ok , will try to check with these solutions.
Meanwhile please try if you could take out time today, just a quick call would do
from mutual-tls-ssl.
I will be available at 13:00 CEST till 14:00 CEST, so we can have a look at it. Let's use Teamviewer. You can share your teamviewer id and password on the private Gitter chat with me directly
from mutual-tls-ssl.
We did a short call with @rajatzeal and it seems like his HttpClient was not trusting the certificate of the server. It is the same point which I mentioned here: #1 (comment)
He needs to export the server certificate, create a SSLContext and configure his HttpClient so the client will trust the server.
from mutual-tls-ssl.
I noticed that a lot of developers are facing this exception or similar ones. If anyone has still trouble resolving these kind of issues feel free to ping me, I am able to provide support. My mail address is [email protected]
from mutual-tls-ssl.