
I installed the SSL/TLS certificate on the server by following the instructions DigiCert provides at the link below: https://www.digicert.com/ssl-certificate-installation-java.htm

I also defined a TrustManager, but I am still not able to establish a secure connection. The connection fails with the reason "Error in connection establishment: net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

Below is my code to add SSL support.

/**
 * Builds an SSLContext from a JKS keystore and appends an SslFilter using it to the
 * given filter chain.
 *
 * NOTE(review): the context is initialised with trust managers only; the key-manager
 * argument of ctx.init(...) is null. Trust managers decide which peer certificates to
 * accept; they do not supply this endpoint's own certificate and private key. If this
 * filter runs on the server side (as the question describes), the handshake has no
 * certificate-based cipher suite to offer, which is consistent with the browser's
 * ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
 *
 * @param chain filter chain that receives the "sslFilter" entry
 * @throws Exception any failure while loading the keystore or building the context;
 *         it is logged via Util.logError and rethrown
 */
private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
        throws Exception {
    try {
        KeyStore keyStore=KeyStore.getInstance("JKS");
        // NOTE(review): the keystore password is hard-coded in source, so anyone who can
        // read the code or the compiled class can open the keystore.
        char[] passphrase= {'t','e','s','t','s','s','l'};
        // The FileInputStream opened here is never closed in this method.
        keyStore.load(new FileInputStream("/home/ec2-user/digicert/mydomain.jks"),passphrase);
        Util.logInfo("Key Store loaded");
        SSLContext ctx=SSLContext.getInstance("TLS");
        TrustManagerFactory trustFactory=TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // The keystore holding the server certificate is used here as a trust store.
        trustFactory.init(keyStore);
        // Assigned but not used anywhere else in this method.
        X509TrustManager defaultTrustManager = (X509TrustManager) trustFactory.getTrustManagers()[0];
        // First argument (key managers) is null: no certificate/private key from the
        // keystore is handed to the context.
        ctx.init(null, trustFactory.getTrustManagers(), null);            
        SslFilter sslFilter = new SslFilter(ctx);
        chain.addLast("sslFilter", sslFilter);
        Util.logInfo("SSL ON");
    }catch(Exception e){
        // Only e.toString() is logged; the exception itself is rethrown unchanged.
        Util.logError(e.toString());
        throw e;
    }
}

1 Answer


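I got it working by using a KeyManager instead of a TrustManager when initializing the SSLContext. A server needs key managers so it can present its own certificate and private key; trust managers only decide which peer certificates to accept, so a context initialized with trust managers alone has nothing to offer during the handshake. Below is the code for your reference.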

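/**
 * Adds TLS support to the filter chain by appending an {@code SslFilter} whose
 * {@code SSLContext} is backed by the certificate and private key in the JKS keystore.
 *
 * <p>The context is initialised with key managers, which supply this endpoint's own
 * certificate and private key. The trust-manager argument is left {@code null}, so the
 * platform's default trust managers apply.
 *
 * @param chain filter chain that receives the "sslFilter" entry
 * @throws Exception any failure while loading the keystore or building the context;
 *         it is logged via {@code Util.logError} and rethrown
 */
private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
        throws Exception {
    try {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // NOTE(review): the keystore password is hard-coded in source, so anyone who can
        // read the code or the compiled class can open the keystore and its private key.
        // Supply it from protected configuration outside the codebase instead.
        char[] passphrase = {'t','e','s','t','s','s','l'};
        // try-with-resources closes the keystore file even if load() throws.
        // NOTE(review): a keystore under /root suggests the process runs as root;
        // prefer a dedicated service account with read-only access to the file.
        try (FileInputStream keyStoreStream = new FileInputStream("/root/mydomain.jks")) {
            keyStore.load(keyStoreStream, passphrase);
        }
        Util.logInfo("Key Store loaded");
        // KEY_MANAGER_FACTORY_ALGORITHM is defined outside this snippet.
        KeyManagerFactory kmf = KeyManagerFactory
             .getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
        // The same passphrase is used for the key entries as for the keystore itself.
        kmf.init(keyStore, passphrase);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Key managers provide the certificate; null trust managers and null
        // SecureRandom fall back to the platform defaults.
        ctx.init(kmf.getKeyManagers(), null, null);
        SslFilter sslFilter = new SslFilter(ctx);
        chain.addLast("sslFilter", sslFilter);
        Util.logInfo("SSL ON");
    } catch (Exception e) {
        // Only e.toString() is logged here; the exception is rethrown unchanged.
        Util.logError(e.toString());
        throw e;
    }
}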