Hi Hubert,
Thanks for the hint, but the test isn't that different from what I've
been doing, with only one exception - the test uses custom keystore.
It appears that for GWS to work in SSL mode, explicitly configuring
the keystore and keystore password is not mandatory. If either of them
are missing, grizzly will fail with all kinds of errors, none of which
really explain what the client code should do differently.
When glancing at the code and documentation, I got an impression that
if no keystore is specified, some sort of default keystore will be
used. But now I know that this is not the case.
Just for the reference for those who stumble upon this problem in the
future:
- create a keystore and a key pair with the keytool commnad
- then start GrizzlyWebServer as:
public class TestSslServer {
public static void main(String[] args) throws IOException {
SSLConfig sslConfig = new SSLConfig();
sslConfig.setKeyStorePass("changeit");
sslConfig.setKeyStoreFile("/var/tmp/test.jks"); //replace with
your keystore
GrizzlyWebServer gws = new GrizzlyWebServer(7000, "/var/tmp/",
true);
gws.setSSLConfig(sslConfig);
gws.start();
}
}
thanks,
Igor
On Aug 21, 2009, at 4:10 PM, Hubert Iwaniuk wrote:
> Hi Igor,
>
> Blog post you are referring to got outdated quite fast, SSLConfig
> got refactored.
> Please check GWST.testStartSecureWithConfiguration().
> I hope one day to get some time to update this post.
>
> HTH,
> Hubert.
>
>
> On Fri, Aug 21, 2009 at 10:28 PM, Igor Minar <iiminar_at_gmail.com>
> wrote:
> Hi guys,
>
> I'm trying to start GrizzlyWebServer with SSL turned on, but it
> doesn't seem to work for me.
>
> My code is very simple:
>
> public class TestSslServer {
> public static void main(String[] args) throws IOException {
> GrizzlyWebServer gws = new GrizzlyWebServer(7000, "/var/
> tmp/", true);
> gws.setSSLConfig(new SSLConfig());
> gws.start();
> }
> }
>
> when I hit the server with: wget --no-check-certificate https://localhost:7000/foo
>
> I get:
>
> --2009-08-21 13:23:02-- https://localhost:7000/foo
> Resolving localhost... 127.0.0.1, ::1, fe80::1
> Connecting to localhost|127.0.0.1|:7000... connected.
> Unable to establish SSL connection.
>
>
> Similar error is returned from firefox.
>
> I tried grizzly 1.9.15 and 1.9.17 and both return the same result.
> I'm on a mac and using jdk6 if it matters.
>
> Am I doing something wrong or is SSL currently broken?
>
> Hubert's blog suggests that I'm not missing anything: http://codemeself.blogspot.com/2009/04/securing-grizzly-web-server.html
>
> cheers,
> Igor
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>
>