
I am trying to get a secure connection to work on my akka-http server (localhost) using a self-signed certificate. I have not been successful.

The Akka-http docs on SSL are a little vague. I have tried to gather bits and pieces of information from all over but still can't get this to work.

I created an ssl trait like below:

import java.security.{KeyStore, SecureRandom}
import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}
import akka.http.scaladsl.HttpsContext

trait MySslConfiguration {

  def serverContext: HttpsContext = {
    val password = "password".toCharArray
    val context = SSLContext.getInstance("TLSv1.2")
    val keyStore = KeyStore.getInstance("jks")
    // Classpath resource name handed to ClassLoader.getResourceAsStream below
    val keyStoreResource = "/scruples_keystore.jks"
    val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
    val trustManagerFactory = TrustManagerFactory.getInstance("SunX509")
    keyStore.load(getClass.getClassLoader.getResourceAsStream(keyStoreResource), password)
    keyManagerFactory.init(keyStore, password)
    trustManagerFactory.init(keyStore)
    context.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom())
    val sslParams = context.getDefaultSSLParameters
    sslParams.setEndpointIdentificationAlgorithm("HTTPS")
    HttpsContext(sslContext = context,
      sslParameters = Some(sslParams),
      enabledProtocols = Some(List("TLSv1.2", "TLSv1.1", "TLSv1")))
  }

}

I add the trait to my server startup like so:

object Main extends App with Core with RestInterface with MySslConfiguration {
  val metricRegistry = new com.codahale.metrics.MetricRegistry()
  override implicit val injector = GlobalInjector.getInjector
  override implicit val system: ActorSystem = injector.instance[ActorSystem]

  override def config: Config = injector.instance[Config]

  override implicit def executor: ExecutionContextExecutor = system.dispatcher

  override val logger: LoggingAdapter = Logging(system, getClass)
  override implicit val materializer: Materializer = ActorMaterializer()


  val routes = allRoutes

  Http().bindAndHandle(routes, config.getString("http.host"), config.getInt("http.port"), httpsContext = Some(serverContext))
}

The self-signed jks keystore was created as below:

keytool -genkey -keyalg RSA -keysize 2048 -keystore scruples_keystore.jks -alias myalias

Can someone please help?

What am I doing wrong? I am sure there is a configuration issue but can't seem to figure it out.

Another question is what would change if I were using a proper certificate from a CA?

Many thanks

fintis
  • Akka Http uses the ssl-config library which has its own extensive documentation: http://typesafehub.github.io/ssl-config/ (it was taken from Play-WS and extracted as a standalone library and now used by Akka-Http as well). Also see the project https://github.com/typesafehub/ssl-config – Endre Varga Mar 26 '16 at 08:45
  • Thank you for pointing me in the right direction. I have added configuration as described in the documents you posted above; however, I still can't get it to work. Could you please post sample code/configuration for a self-signed certificate? Do I create the configuration and call `SSLContext.getDefault` in order for me to configure the `HTTPContext` in the bind method while starting the server? I even tried setting `ssl-config-ssl.default = true` and still didn't get the server to respond to https requests – fintis Mar 26 '16 at 11:52

1 Answer


It so turned out that specifying the keystore location as `val keyStoreResource = "/scruples_keystore.jks"` was the issue. Specifying the keystore location as `val keyStoreResource = "scruples_keystore"` did the trick and all is well with the world again...

fintis
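Why the original code failed without any exception, shown as an added example that is not part of the original post: on the standard JVM class loaders `ClassLoader.getResourceAsStream` returns null for a name with a leading `/`, and `KeyStore.load(null, password)` is the documented way to create an empty keystore, so the server started with no certificate to present. The object `KeyStoreLoading` and the helper `loadKeyStore` are hypothetical names; the resource name and password are the ones from the question.

```scala
import java.security.KeyStore

object KeyStoreLoading {

  /** Load a JKS keystore from the classpath and fail at startup if it is unusable. */
  def loadKeyStore(resource: String, password: Array[Char]): KeyStore = {
    // ClassLoader resource names are always absolute and take no leading "/".
    val in = getClass.getClassLoader.getResourceAsStream(resource)
    require(in != null, s"keystore '$resource' not found on classpath" +
      (if (resource.startsWith("/")) " (drop the leading '/')" else ""))

    val ks = KeyStore.getInstance("jks")
    try ks.load(in, password) finally in.close()

    // A server keystore needs at least one private-key entry to complete a handshake.
    val aliases = ks.aliases()
    var hasKey = false
    while (aliases.hasMoreElements) {
      if (ks.isKeyEntry(aliases.nextElement())) hasKey = true
    }
    require(hasKey, s"keystore '$resource' holds no private key entry")
    ks
  }

  def main(args: Array[String]): Unit = {
    val password = "password".toCharArray // sample value from the question

    // What the question's code effectively did: a null stream gives an empty keystore.
    val silent = KeyStore.getInstance("jks")
    silent.load(null, password)
    println(s"entries after load(null): ${silent.size()}")

    // The checked loader reports the real problem instead of starting a broken server.
    try loadKeyStore("/scruples_keystore.jks", password)
    catch { case e: IllegalArgumentException => println(e.getMessage) }
  }
}
```

Passing the result of `loadKeyStore` to `keyManagerFactory.init` in place of the unchecked `keyStore.load(...)` call turns a failed TLS handshake at request time into an error at startup.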