How to add URL cert to JKS

Let’s imagine that you need to download a certificate from a website / service / endpoint and put it in the trusted certificate store (JKS or cacerts). To do this, you need to fill in the parameters SERVER_URL, ALIAS_NAME, CERT_NAME and run the script: As a result, a trusted JKS store will be created with […]


Using gRPC with JKS

gRPC doesn’t support JKS out of the box, but there is a workaround. Below is an example of how to use gRPC and JKS. Server side Client side If you don’t need to use a custom truststore, you need to do nothing. If you need to use a custom truststore, use the example below: You can use trustManagerFactory […]


OPENSSL internal: SSLV3 ALERT HANDSHAKE FAILURE

Full text of the error: If you encounter such an error, there are at least two reasons: Incompatible version of boring-ssl library. Private key problem. For example, we wrote our own KeyManager implementation and the getPrivateKey() method returns null, or there is no such private key at all.


ZooKeeper x509 certificates ACL

The documentation states that setting an ACL via the ZooKeeper CLI usually works like this: In the case of the x509 scheme, the Authenticated ID for the user is the DN string of their certificate. In confirmation of this, when a user connects via a certificate, there is a line in the server log: Now, […]


Generate SSL certificate with User Principal Name openssl

We assume that openssl is already installed. User certificate with a UPN field Create a new file named ext.cnf in the folder where we are going to generate certificates. Write the line to the file: Replace text your_text_here with your own. The rest does not need to be touched. Now, you need to add a […]


Load x509 certificate from keystore Java

We have a keystore with an imported certificate and we need to work with it in code. We are going to load the certificate into an X509Certificate object. After that, you can work with it further, or simply display some information about it, for example: Subject X500 Principal, Issuer X500 Principal, Subject DN, Issuer DN […]


SSL / TLS setup for ZooKeeper

We have a ZooKeeper server and a Java client application that connects to it. SSL support has been available in ZooKeeper since version 3.5: https://issues.apache.org/jira/browse/ZOOKEEPER-2125 Server Tuning There are several types of ZooKeeper server distribution. We’ll cover the standalone version as well as the Apache Kafka version. To start, we need a configured server. The setup process […]
