NET::ERR_CERT_INVALID when starting the app #78

Open
pchico83 opened this issue Jul 31, 2020 · 8 comments

@pchico83

Describe the bug
I am getting certificate errors when starting the app.

To Reproduce
Steps to reproduce the behavior:

1 - ./setup.sh
2 - ./mvnw clean verify -Ddockerfile.skip
3 - docker-compose -p ssm up -d

If I go to https://localhost:8443/swagger-ui.html, I get this error:

Screenshot 2020-07-31 at 15 30 03

Checking the gateway logs with docker logs -f ssm_gateway_1:

2020-07-31 13:33:26.373 ERROR [gateway,,] 1 --- [or-http-epoll-4] reactor.netty.transport.ServerTransport  : [id: 0x7a52d1cc, L:/172.18.0.13:8443 ! R:/172.18.0.1:51036] onUncaughtException(SimpleConnection{channel=[id: 0x7a52d1cc, L:/172.18.0.13:8443 ! R:/172.18.0.1:51036]})

io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792) ~[netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar:4.1.50.Final]
	at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:475) ~[netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar:4.1.50.Final]
	at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) ~[netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar:4.1.50.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[netty-common-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.50.Final.jar:4.1.50.Final]
	at java.base/java.lang.Thread.run(Thread.java:832) ~[na:na]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[na:na]
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356) ~[na:na]
	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) ~[na:na]
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202) ~[na:na]
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[na:na]
	at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) ~[na:na]
	at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1372) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1267) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1314) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
	... 15 common frames omitted

2020-07-31 13:33:26.369 ERROR [gateway,,] 1 --- [or-http-epoll-3] reactor.netty.transport.ServerTransport  : [id: 0x17f383ab, L:/172.18.0.13:8443 ! R:/172.18.0.1:51032] onUncaughtException(SimpleConnection{channel=[id: 0x17f383ab, L:/172.18.0.13:8443 ! R:/172.18.0.1:51032]})

Expected behavior
It works.

Desktop (please complete the following information):

  • OS: Mac (Catalina 10.15.6)

Additional context
Not sure if it might be my JDK 15 installation? If you push your images to Docker Hub, I can also give them a try.

@pchico83
Author

Tests are all passing. Everything looks good but the certificate.

@pchico83
Author

@mohamed-taman Any update on this issue, or guidance on how to solve it?

@gwokudasam

gwokudasam commented Aug 12, 2020 via email

@mohamed-taman
Owner

Hi @gwokudasam @pchico83, I will work on it once I come back from my vacation, but it is not enabled yet through API Gateway, this is why you can access it yet.

@pchico83
Author

@mohamed-taman I am trying to run the app on Kubernetes, behind an nginx ingress controller that provides HTTPS termination. Is it possible to expose the gateway on HTTP?

@mohamed-taman
Owner

> @mohamed-taman I am trying to run the app on Kubernetes, behind an nginx ingress controller that provides HTTPS termination. Is it possible to expose the gateway on HTTP?

Yes, you can: in the API Gateway, just disable the https property and the related certificate properties, and it will work normally as HTTP.
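
An added example, not taken from this thread or from the project's repository: what the change described in the reply above typically looks like in a Spring Boot gateway's configuration when an ingress terminates TLS in front of it. The `server.*` keys are standard Spring Boot properties; the port numbers, keystore values and the choice of `forward-headers-strategy` are assumptions.

```yaml
# Added example. Keystore values and ports are placeholders or assumptions,
# not values from the project.

# Before: the gateway terminates TLS itself on 8443.
server:
  port: 8443
  ssl:
    enabled: true
    key-store: classpath:<keystore-file>     # placeholder
    key-store-type: PKCS12                   # assumed type
    key-store-password: <from-secret-store>  # placeholder
    key-alias: <alias>                       # placeholder
---
# After: plain HTTP behind the TLS-terminating ingress.
server:
  port: 8080            # assumed; must match the Service/ingress backend port
  ssl:
    enabled: false      # key-store* properties are removed along with this
  # Honour X-Forwarded-Proto / X-Forwarded-Host set by the ingress so that
  # redirects and generated links (e.g. for Swagger UI) stay on https://.
  # Only safe when the ingress overwrites these headers on every request.
  forward-headers-strategy: framework
```

With TLS off at the gateway, traffic between the ingress and the pod is cleartext, so the HTTP port should be reachable only from the ingress controller (for example a ClusterIP Service plus a NetworkPolicy), not published directly.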

@mohamed-taman
Owner

@pchico83 Just in two weeks or less, I will start to migrate this project fully to work on K8s and add a Monitoring stack as well. So stay tuned.

@pchico83
Author

@mohamed-taman 🍿
