javax.net.ssl.SSLHandshakeException: (certificate_unknown) in Scala client via nginx


Post by Guest »

Problem:
For the last week or so I have been trying to configure my Scala+Akka client to connect to a server running nginx.

javax.net.ssl.SSLHandshakeException: (certificate_unknown)

Setup:

nginx configuration:

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name localhost;

    ssl_certificate /home/hydra/.localhost-ssl/localhost.crt;

private val sslContext: SSLContext = SSLManager.getClientSSLContext
private val connectionContext = ConnectionContext.httpsClient(sslContext)

...

val request = HttpRequest(method = HttpMethods.GET, uri = s"https://${server.serverIP}/ping")
http.singleRequest(request, connectionContext).pipeTo(self)
createClientContext:

import java.security.{KeyStore, SecureRandom}
import javax.net.ssl.{SSLContext, TrustManagerFactory}

def getClientSSLContext: SSLContext = {
  // Empty in-memory keystore that holds only the root CA as trust anchor
  val keyStore = KeyStore.getInstance("JKS")
  keyStore.load(null, null)
  keyStore.setCertificateEntry("rootCA", loadRootCertificate())

  // Set up a TrustManager that trusts the root CA certificate
  val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
  trustManagerFactory.init(keyStore)
  val trustManagers = trustManagerFactory.getTrustManagers

  // Create an SSLContext with the custom TrustManager (no client key material)
  val sslContext = SSLContext.getInstance("TLS")
  sslContext.init(null, trustManagers, new SecureRandom())
  sslContext
}
Writing rootCA to file:

import java.util.Base64

val rootCA = new StringBuilder()
rootCA.append("-----BEGIN CERTIFICATE-----\n")
// MIME encoder emits the conventional 64-column PEM body lines
rootCA.append(Base64.getMimeEncoder(64, "\n".getBytes).encodeToString(rootCACertificate.getEncoded))
rootCA.append("\n-----END CERTIFICATE-----")
writeFile(ROOT_CA_PATH, Seq(rootCA.toString))
How I create the signed server certificate:

import java.math.BigInteger
import java.security.{KeyPair, PrivateKey, SecureRandom}
import java.security.cert.X509Certificate
import java.util.Date

import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.asn1.x509.{Extension, GeneralName, GeneralNames, SubjectPublicKeyInfo}
import org.bouncycastle.cert.{X509CertificateHolder, X509v3CertificateBuilder}
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
import org.bouncycastle.pkcs.{PKCS10CertificationRequest, PKCS10CertificationRequestBuilder}

def createCSR(keyPair: KeyPair, subject: String, keyAlgorithm: String): PKCS10CertificationRequest = {
  val csrGen = new PKCS10CertificationRequestBuilder(new X500Name(subject), SubjectPublicKeyInfo.getInstance(keyPair.getPublic.getEncoded))
  val signer = new JcaContentSignerBuilder("SHA256with" + keyAlgorithm).build(keyPair.getPrivate)
  csrGen.build(signer)
}

// Sign the CSR with the root CA's private key to generate a certificate
def signCertificate(csr: PKCS10CertificationRequest, rootCACertificate: X509Certificate, rootCAPrivateKey: PrivateKey): X509Certificate = {
  val notBefore = new Date()
  val notAfter = new Date(notBefore.getTime + 365L * 24 * 60 * 60 * 1000) // Valid for 1 year

  // The issuer DN must be exactly the root CA's subject DN; otherwise the
  // client's PKIX path builder cannot link this certificate to the trust anchor
  val issuer = X500Name.getInstance(rootCACertificate.getSubjectX500Principal.getEncoded)

  val certGen = new X509v3CertificateBuilder(
    issuer,
    new BigInteger(128, new SecureRandom()), // unpredictable positive serial number
    notBefore,
    notAfter,
    csr.getSubject,
    csr.getSubjectPublicKeyInfo
  )

  // Add SubjectAlternativeName (SAN) extension so the client can match the server IP
  val sanNames = Array[GeneralName](
    new GeneralName(GeneralName.iPAddress, SERVER_IP)
  )

  val generalNames = new GeneralNames(sanNames)
  certGen.addExtension(Extension.subjectAlternativeName, false, generalNames)

  // Sign with root CA's private key
  val signer = new JcaContentSignerBuilder("SHA256withRSA").build(rootCAPrivateKey)
  val certificateHolder: X509CertificateHolder = certGen.build(signer)

  // Convert to a JCE certificate
  val converter = new JcaX509CertificateConverter().setProvider("BC")
  converter.getCertificate(certificateHolder)
}

...

// Step 1: Load Root CA certificate and private key
val rootCACertificate = loadRootCertificate()
val rootCAPrivateKey = loadRootPrivateKey()

// Step 2: Generate new key pair for SSL certificate
val keyPair = generateKey("RSA")

// Step 3: Create CSR (Certificate Signing Request)
val csr = createCSR(keyPair, s"CN=hydra_server_$SERVER_ID, O=Hydra, C=UK", "RSA")

// Step 4: Sign the CSR with the Root CA to generate the SSL certificate
val sslCertificate = signCertificate(csr, rootCACertificate, rootCAPrivateKey)
What I've Tried:
After consulting ChatGPT I ran the command openssl s_client -connect 192.168.0.4:443 -showcerts and looked at its output. This helped me verify that the server certificate (certificate 0) had been generated today, 7.07.2025.
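The checks below are an added example, not the poster's code: it rebuilds the same CA-plus-leaf setup with the Python `cryptography` package (assumed installed) and then runs, offline, the three tests a PKIX path builder such as the JDK's applies before it accepts a server certificate: the leaf's issuer DN must equal the CA's subject DN, the leaf signature must verify under the CA key, and the dialled IP must appear as an IP entry in subjectAltName. `sign_server_cert` takes an optional `issuer` argument so that a mismatched issuer DN (the "CN=Hydra SSL Certificate" name from the post, which is not the CA's subject) can be reproduced and seen to fail name chaining while the signature still verifies. Names, serials and the IP are constructed sample values.

```python
# Added example (not the poster's code): build a root CA and an IP-SAN server
# certificate the way a PKIX validator expects, then run the path-builder
# checks offline. Requires the `cryptography` package.
import datetime
import ipaddress

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

SERVER_IP = "192.168.0.4"  # sample value, taken from the s_client command in the post


def make_root_ca():
    """Self-signed CA: issuer == subject, basicConstraints CA=true."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Hydra Root CA")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def sign_server_cert(ca_key, ca_cert, ip, issuer=None):
    """Leaf for an IP-addressed server. `issuer` defaults to the CA's subject DN;
    passing any other name reproduces the issuer-mismatch mistake."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, "hydra_server_1"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Hydra"),
        x509.NameAttribute(NameOID.COUNTRY_NAME, "UK"),
    ])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(ca_cert.subject if issuer is None else issuer)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.SubjectAlternativeName(
            [x509.IPAddress(ipaddress.ip_address(ip))]), critical=False)
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(
            ca_cert.public_key()), critical=False)
        .sign(ca_key, hashes.SHA256())
    )
    return key, cert


def chain_problems(leaf, ca, ip):
    """Reasons a PKIX path builder would refuse to chain `leaf` to `ca` for a
    connection to `ip`; an empty list means the chain is acceptable."""
    problems = []
    # 1. Name chaining: the leaf's issuer DN must equal the CA's subject DN.
    if leaf.issuer != ca.subject:
        problems.append(f"issuer {leaf.issuer.rfc4514_string()} != CA subject "
                        f"{ca.subject.rfc4514_string()}")
    # 2. Signature: the leaf's TBS bytes must verify under the CA's public key.
    try:
        ca.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes,
                               padding.PKCS1v15(), leaf.signature_hash_algorithm)
    except Exception as exc:  # InvalidSignature, or a non-RSA CA key
        problems.append(f"signature does not verify under CA key: {exc!r}")
    # 3. Endpoint identity: the address dialled must appear as an IP SAN entry.
    try:
        san = leaf.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        if ipaddress.ip_address(ip) not in san.get_values_for_type(x509.IPAddress):
            problems.append(f"{ip} is not in subjectAltName")
    except x509.ExtensionNotFound:
        problems.append("no subjectAltName extension")
    return problems


def to_pem(cert):
    """Standard PEM (64-column Base64 body) suitable for a CA file a client loads."""
    return cert.public_bytes(serialization.Encoding.PEM).decode("ascii")


if __name__ == "__main__":
    ca_key, ca_cert = make_root_ca()
    _, good = sign_server_cert(ca_key, ca_cert, SERVER_IP)
    wrong = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Hydra SSL Certificate")])
    _, bad = sign_server_cert(ca_key, ca_cert, SERVER_IP, issuer=wrong)
    print("correct issuer:", chain_problems(good, ca_cert, SERVER_IP))
    print("wrong issuer:  ", chain_problems(bad, ca_cert, SERVER_IP))
```

Running the script prints an empty problem list for the correctly chained leaf and a single issuer-mismatch entry for the other; `to_pem` gives the same PEM layout the poster builds by hand, with the body wrapped at 64 columns as most tools emit it.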
