0
我正在嘗試使用自簽名證書在我的akka-http服務器(localhost)上獲得安全連接。我沒有成功。Akka Http HTTPS配置導致Chrome返回ERR_SSL_VERSION_OR_CIPHER_MISMATCH
ssl上的Akka-http文檔有點含糊。我試圖收集來自各地的信息,但仍無法讓這個工作。
我創建了一個SSL特質象下面這樣:
trait MySslConfiguration {
def serverContext: HttpsContext = {
val password = "password".toCharArray
val context = SSLContext.getInstance("TLSv1.2")
val keyStore = KeyStore.getInstance("jks")
val keyStoreResource = "/scruples_keystore.jks"
val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
val trustManagerFactory = TrustManagerFactory.getInstance("SunX509")
keyStore.load(getClass.getClassLoader.getResourceAsStream(keyStoreResource), password)
keyManagerFactory.init(keyStore, password)
trustManagerFactory.init(keyStore)
context.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getManagers, new SecureRandom())
val sslParams = context.getDefaultSSLParameters
sslParams.setEndpointIdentificationAlgorithm("HTTPS")
HttpsContext(sslContext = context
sslParameters = Some(sslParams),
enabledProtocols = Some(List("TLSv1.2", "TLSv1.1", "TLSv1")))
}
}
我的特點添加到我的服務器啓動像這樣:
object Main extends App with Core with RestInterface with MySslConfiguration {
val metricRegistry = new com.codahale.metrics.MetricRegistry()
override implicit val injector = GlobalInjector.getInjector
override implicit val system: ActorSystem = injector.instance[ActorSystem]
override def config: Config = injector.instance[Config]
override implicit def executor: ExecutionContextExecutor = system.dispatcher
override val logger: LoggingAdapter = Logging(system, getClass)
override implicit val materializer: Materializer = ActorMaterializer()
val routes = allRoutes
Http().bindAndHandle(routes, config.getString("http.host"), config.getInt("http.port"), httpsContext = Some(serverContext))
自簽署JKS密鑰庫的創建如下:
keytool -genkey -keyalg RSA -keysize 2048 -keystore scruples_keystore.jks -alias myalias
有人可以幫忙嗎?
我在做什麼錯了?我確信有一個配置問題,但似乎無法弄清楚。
另一個問題是,如果我使用來自CA的適當證書,會發生什麼變化?
非常感謝
Akka Http使用ssl-config庫,它有自己的大量文檔:http://typesafehub.github.io/ssl- config /(它是從Play-WS中提取的,並作爲獨立庫被提取,現在也被Akka-Http使用)。另請參閱項目https://github.com/typesafehub/ssl-config –
感謝您指引我朝着正確的方向發展。我已經按照上面發佈的文檔中所述的方式添加了配置,但仍然無法使其工作。您可以發佈自簽名證書的示例代碼/配置嗎?我是否創建配置並調用'SSLContext.getDefault',以便在啓動服務器時在綁定方法中配置'HTTPContext'?我甚至嘗試設置'ssl-config-ssl.default = true',但仍然沒有讓服務器響應https請求 – fintis