Using gRPC with JKS

gRPC doesn’t support JKS out of the box, but there is a workaround. Below is an example of how to use gRPC and JKS. Server side Client side If you don’t need to use a custom truststore, you don’t need to do anything. If you need to use a custom truststore, use the example below: You can use trustManagerFactory […]

OPENSSL internal: SSLV3 ALERT HANDSHAKE FAILURE

Full text of the error: If you encounter such an error, there are at least two reasons: Incompatible version of boring-ssl library. Private key problem. For example, we wrote our own KeyManager implementation and the getPrivateKey() method returns null, or there is no such private key at all.

ZooKeeper x509 certificates ACL

The documentation states that setting an ACL via the ZooKeeper CLI usually works like this: In the case of the x509 scheme, the Authenticated ID for the user is the DN string of their certificate. In confirmation of this, when a user connects via a certificate, there is a line in the server log: Now, […]

Generate SSL certificate with User Principal Name openssl

We assume that openssl is already installed. User certificate with a UPN field Create a new file named ext.cnf in the folder where we are going to generate certificates. Write the line to the file: Replace text your_text_here with your own. The rest does not need to be touched. Now, you need to add a […]

Load x509 certificate from keystore Java

We have a keystore with an imported certificate and we need to work with it in code. We are going to import cert into an X509Certificate class object. After that, you can work with it further, or simply display some information about it, for example: Subject X500 Principal, Issuer X500 Principal Subject DN, Issuer DN […]

SSL / TLS setup for ZooKeeper

We have a ZooKeeper server and a Java client application that connects to it. SSL support has been available in ZooKeeper since version 3.5: https://issues.apache.org/jira/browse/ZOOKEEPER-2125 Server Tuning There are several types of ZooKeeper server distribution. We’ll cover the standalone version as well as the Apache Kafka version. We need a configured server to start with. The setup process […]

Cacerts file location

Linux & MacOS The cacerts file is a collection of trusted certificate authority (CA) certificates. It is located in the Java Runtime Environment distribution under the path: The extension is not specified in the file name, but the file is of JKS type. For this reason, in some cases, an explicit indication of the file type is […]
