I am trying to test a verticle for which I have enabled SSL using HttpServerOptions. It's a self-signed certificate.
HttpServerOptions options = new HttpServerOptions();
options.setSsl(true)
.setPemKeyCertOptions(
new PemKeyCertOptions()
.setKeyPath(certKeyPath)
.setCertPath(certPemPath)
);
...
In my unit test, I was using this code and it was working fine for the HTTP connection
WebClient client = WebClient.create(vertx);
client.get(8080, "localhost", "/")
.ssl(true)
.as(BodyCodec.string())
.send(testContext.succeeding(response -> testContext.verify(() -> {
Assertions.assertEquals(200, response.statusCode());
testContext.completeNow();
})));
Since, I have enabled SSL, I am trying to test using the below code with the path of my own self-signed certificate.
WebClientOptions options = new WebClientOptions()
.setSsl(true)
.setPemKeyCertOptions(new PemKeyCertOptions()
.setKeyPath("key.pem")
.setCertPath("cert.pem"));
WebClient client = WebClient.create(vertx, options);
But, I am getting this error
javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
at io.vertx.core.net.impl.ChannelProvider$1.userEventTriggered(ChannelProvider.java:129)
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:346)
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:332)
at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:324)
at io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1308)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1289)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1330)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:836)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
I was reading here on some thread about this error and it seems like I need to add my certificate to JVM, Just wondering, do I have to? If yes, then how will this work if my code is being pulled by someone? Do they need to add this to their JVM as well? Any other solution?
