
how to use etcd4j with SSL

Open belovers opened this issue 7 years ago • 9 comments

The doc says: Setting up SSL (You need to set up the server with SSL)

SslContext sslContext = SslContext.newClientContext();

try (EtcdClient etcd = new EtcdClient(sslContext,
        URI.create("https://123.45.67.89:8001"),
        URI.create("https://123.45.67.90:8001"))) {
    // Logs etcd version
    System.out.println(etcd.getVersion());
}

But this method is out of date. How can I generate the sslContext?

belovers avatar Nov 23 '17 01:11 belovers

If you have PEM certs used for your etcd server, then you can use:

File clientCertFile = new File(CLIENT_CERT_FILE);
File clientKeyFile = new File(CLIENT_KEY_FILE);
File caFile = new File(CA_FILE);
SslContext sslContext = SslContextBuilder.forClient().trustManager(caFile).keyManager(clientCertFile, clientKeyFile).build();
etcdClient = new EtcdClient(sslContext, baseUris);

ajaygk95 avatar Nov 28 '17 07:11 ajaygk95

Yeah, I really do it like this:

File clientCertFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\etcd.pem");
File clientKeyFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\etcd-key.pem");
File caFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\ca.pem");
System.out.println("1");
SslContext sslContext = SslContextBuilder.forClient().trustManager(caFile).keyManager(clientCertFile, clientKeyFile).build();
etcdClient = new EtcdClient(sslContext, URI.create("https:\\98.0.69.1:2379"));
System.out.println("2");

Question: the Eclipse console only prints "1" and that is it? (Both etcd.pem and etcd-key.pem are generated by OpenSSL tools.)

belovers avatar Nov 28 '17 08:11 belovers

In URI.create, the URI "slash" is https://98.0.69.1:2379. You are using \\ (backslashes).

ajaygk95 avatar Nov 29 '17 11:11 ajaygk95
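
The two answers above (PEM-based `SslContext` and the endpoint URI form) combined into one runnable client, as an added example that is not part of the thread or of etcd4j's own code. The class and helper names are hypothetical; the file names and endpoint are the ones from the curl command in this thread. The key-format pre-check is an assumption based on Netty's documentation, which describes the `keyManager(File, File)` key file as a PKCS#8 private key in PEM format.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import mousio.etcd4j.EtcdClient;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

public class EtcdTlsClientExample { // hypothetical class name

    // Parse and check an endpoint before it reaches EtcdClient, so a malformed
    // value fails here with a clear message instead of later in the client.
    static URI httpsEndpoint(String s) {
        URI uri = URI.create(s); // IllegalArgumentException on illegal characters such as '\'
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("expected https://host[:port], got: " + s);
        }
        return uri;
    }

    // Pre-check (assumption, see lead-in): accept only an unencrypted PKCS#8 PEM key.
    // A PKCS#1 key ("BEGIN RSA PRIVATE KEY") can be converted with:
    //   openssl pkcs8 -topk8 -nocrypt -in etcd-client-key.pem -out etcd-client-key.pk8.pem
    static void requirePkcs8(File keyFile) throws IOException {
        String pem = new String(Files.readAllBytes(keyFile.toPath()), StandardCharsets.US_ASCII);
        if (!pem.contains("-----BEGIN PRIVATE KEY-----")) {
            throw new IOException(keyFile + " is not an unencrypted PKCS#8 PEM key");
        }
    }

    public static void main(String[] args) throws Exception {
        File caFile = new File("ca.pem");
        File certFile = new File("etcd-client.pem");
        File keyFile = new File("etcd-client-key.pem");
        requirePkcs8(keyFile);

        SslContext sslContext = SslContextBuilder.forClient()
                .trustManager(caFile)          // verify the server against this CA only
                .keyManager(certFile, keyFile) // client certificate for mutual TLS
                .build();

        try (EtcdClient etcd = new EtcdClient(sslContext, httpsEndpoint("https://98.0.69.1:2379"))) {
            System.out.println(etcd.getVersion());
        }
    }
}
```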

Is it working?

ajaygk95 avatar Nov 30 '17 14:11 ajaygk95

Thank you for the reminder, but it does not work either....

belovers avatar Dec 01 '17 01:12 belovers

Okay. Can you directly use curl to get the keys? What is your etcd version? This client is only for etcd v2. You can use "curl --cacert ca.pem --key etcd-client-key.pem --cert etcd-client.pem https://98.0.69.1:2379/v2/keys/". If curl is not working and is hanging, the etcd server has some issues.

And also, can you enable logging (for your Java code) to debug and attach the logs?

ajaygk95 avatar Dec 01 '17 10:12 ajaygk95

"curl --cacert ca.pem --key etcd-client-key.pem --cert etcd-client.pem https://98.0.69.1:2379/v2/keys/" is OK. I will try to get some logs. Thank you.

belovers avatar Dec 04 '17 01:12 belovers

Any updates/logs?

ajaygk95 avatar Dec 06 '17 08:12 ajaygk95

I am currently using this solution for keystores

final KeyStore ks = KeyStore.getInstance("JKS");
// Load the keystore and close the stream once it has been read
try (FileInputStream keyFile = new FileInputStream("/path_to_jks")) {
    ks.load(keyFile, "jks_key".toCharArray());
}
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "jks_key".toCharArray());

// Only a key manager (the client certificate) is configured on the builder here
SslContextBuilder ctxBuilder = SslContextBuilder.forClient().keyManager(kmf);
SslContext sslCtx = ctxBuilder.build();

EtcdClient etcd = new EtcdClient(sslCtx, new URI("https://10.200.1.244:2379"));

Hope it helps

dgutierrez-stratio avatar Dec 22 '17 09:12 dgutierrez-stratio