Home > other >  Error: unable to verify the first certificate - Springboot
Error: unable to verify the first certificate - Springboot

Time:11-03

I have written a restful API project which is developed using spring boot and I am using the embedded tomcat and running a jar on a linux server.

The APIs are live at:

  https://api.arevogroup.com:8089/api/regions

and I can see the verified and correct SSL as well as in the given screenshot. enter image description here

but I am getting an this exception in the postman when I call these apis. enter image description here

These APIs are consumed by a Xamrin based app which seems to work all good when consumed using iPhone but gives this same exception when the APIs are accessed via android.

I guess, the way I have generated the ssl certificate has some issues.

I have used a pfx file and my SSL config in properties file looks like this:

###SSL Key Info
security.require-ssl=true
server.ssl.key-store-password=PASSWORD
server.ssl.key-store=classpath:ssl_pfx.pfx
server.ssl.key-store-type=PKCS12
  1. I have 2 questions, if disable the ssl verification, would the communication still be encrypted or not? (man in the middle attack is still possible but the info will still be encrypted, right?).
  2. If not, how can I fix this?

CodePudding user response:

You can't disable the verification of the server certificate. No browser will allow you to do it, except on an exceptional basis (the user must confirm the exception). If the client disables the verification, than the communication will be encrypted (i.e. no passive attack will be possible).

The errors you see are cause by a misconfiguration of your server. Your certificate chain contains just the certificate for your server and lacks the intermediate certificate CN=Go Daddy Secure Certificate Authority - G2. You need to download it from Go Daddy (it is the one named gdig2.crt.pem) and add it to your keystore.

Refer to this question on how to do it.

Some browsers cache intermediate certificates and are able to verify your site even if one certificate is missing. However you should not rely on it.

CodePudding user response:

security.require-ssl=true
server.ssl.key-store-password=PASSWORD
server.ssl.key-store=keystore.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS

Used the jks file instead of pfx and it worked all good. Thought to share with others too.

Page link:https//www.codepudding.com/other/177178.html

Prev:wxpython - Using treectrl to load local html files into a panel
Next:Import project spring boot with Gradle get error: Failed to apply plugin 'org.springframework.b
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding