
I am trying to set up a Java application to connect to HashiCorp's Vault and authenticate using the TLS backend (using an SSL certificate).

I am using Apache HttpComponents 4.4 as follows:

// Build a client that uses my own SSLContext (loaded from the keystore) for TLS
final CloseableHttpClient httpclient = HttpClients.custom().setSSLContext(mySslContext).build();
// Execute the POST against the Vault cert login endpoint
final CloseableHttpResponse response = httpclient.execute(myRequest);

where myRequest is a POST call on the URL: https://127.0.0.1:8200/v1/auth/cert/login

and mySslContext is built using the keystore file.

I have set up Vault as follows:

vault server -dev
vault auth-enable cert
vault write auth/cert/certs/default display_name=default policies=default certificate=@C:/dev/keys/vault/vaultPriKey.pem ttl=3600

Yet when I try to execute the request I get:

Unrecognized SSL message, plaintext connection?

Am I missing some form of configuration?

mangusbrother
  • You can try to open https://127.0.0.1:8200/v1/auth/cert/login with your browser to see if port 8200 is really an SSL port. If you have openssl you can try starting its server: `openssl s_server -key key.pem -cert cert.pem -accept 44330 -www` and check if the Java client can connect. See this for more info: https://blog.jorisvisscher.com/2015/07/22/create-a-simple-https-server-with-openssl-s_server/ – Anton Krosnev May 03 '16 at 12:31

1 Answer

I needed to set up Vault without the dev environment.

This sample configuration was used (note that by not using -dev you need to initialise and unseal it):

backend "inmem" {
  address = "127.0.0.1:8500"
  path    = "vault"
}

listener "tcp" {
  address     = "127.0.0.1:9000"
  tls_disable = 1
}

listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_disable   = 0
  tls_cert_file = "C:/my/server.pem"
  tls_key_file  = "C:/my/serverkey.pkcs8"
}

And like so you can connect using SSL over 8200 and without SSL on 9000.

mangusbrother
  • I've got only one file which is a combination of the certificate, issuingCa, caChain and private key. Do I break this file down into separate .pem files to get this working? Also, if I use this command ```vault server -config=config.hcl``` to load in these configurations, would I still need to initialize and unseal? – Sammy65 Jun 28 '20 at 18:03
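The root cause in the question is a scheme mismatch: the client presents a TLS handshake to a listener that only speaks plaintext (the -dev server), and the accepted answer fixes it by declaring a listener with TLS enabled. The following added example (not code from the question, the answer, or HashiCorp) scans the answer's listener blocks with a minimal regex pass over the HCL, classifies each listener as plaintext or TLS, and reports whether a client URL such as the one in the question would hit the wrong kind of listener; DEV_CONFIG is a constructed stand-in for what `vault server -dev` listens on, and the regexes are a deliberately simple scan, not a full HCL parser.

```python
import re
from urllib.parse import urlparse

# Constructed input: the two listener blocks from the answer's config (values copied from the post).
ANSWER_CONFIG = """
listener "tcp" {
    address = "127.0.0.1:9000"
    tls_disable = 1
}
listener "tcp" {
 address = "127.0.0.1:8200"
 tls_disable = 0
 tls_cert_file = "C:/my/server.pem"
 tls_key_file = "C:/my/serverkey.pkcs8"
}
"""
# Constructed stand-in for `vault server -dev`, which listens on 127.0.0.1:8200 without TLS.
DEV_CONFIG = 'listener "tcp" {\n  address = "127.0.0.1:8200"\n  tls_disable = 1\n}\n'

LISTENER_RE = re.compile(r'listener\s+"tcp"\s*\{(.*?)\}', re.S)
KV_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)

def parse_listeners(hcl: str) -> list[dict]:
    """Minimal HCL scan: one {key: value} dict per tcp listener block, quotes stripped."""
    return [dict(KV_RE.findall(m.group(1))) for m in LISTENER_RE.finditer(hcl)]

def audit_listeners(hcl: str) -> dict:
    """Map each listener address to 'plaintext', 'tls', or 'tls-incomplete' (cert or key missing)."""
    result = {}
    for cfg in parse_listeners(hcl):
        addr = cfg.get("address", "127.0.0.1:8200")  # Vault's default listener address
        if cfg.get("tls_disable", "0").lower() in ("1", "true"):
            result[addr] = "plaintext"
        elif "tls_cert_file" in cfg and "tls_key_file" in cfg:
            result[addr] = "tls"
        else:
            result[addr] = "tls-incomplete"
    return result

def check_client_url(url: str, hcl: str) -> str:
    """An https URL aimed at a plaintext listener is the 'Unrecognized SSL message' case."""
    parsed = urlparse(url)
    status = audit_listeners(hcl).get(parsed.netloc)
    if status is None:
        return "no listener on " + parsed.netloc
    if parsed.scheme == "https" and status == "plaintext":
        return "scheme mismatch: TLS client, plaintext listener"
    return "ok (" + status + ")"
```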