Sumit Khandelwal Sumit Khandelwal - 1 month ago 73
Java Question

Fetch Configuration from Spring Cloud Config over SSL

I am building microservices using Spring Boot where configuration is distributed using Spring Cloud Config. Config application has SSL enabled.

I want my spring boot application to communicate to Config server over https. Problem is that before loading SSL configuration from bootstrap.yml, application initiates a rest call to Config Server to fetch the configuration and fails miserably with error:

java.lang.IllegalStateException: Could not locate PropertySource and the fail fast property is set, failing
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://host:8888/abcd/development,production": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:


I have configured a truststore with CA certificate in bootstrap.yml:

# MicroServices Properties
spring:
application:
name: abcd
profiles:
active: development,production
cloud:
config:
uri: https://<host>:8888
fail-fast: true
password: abc@123
username: user
server:
ssl:
trust-store: D:/Certs/caCert/server.p12
trust-store-password: keystore
key-store-provider: PKCS12


Any suggestions what should I do to create successful SSL communication with Config Server?

Answer

The problem was solved after I imported CA certificate in JRE certificate store:

keytool -importcert -alias startssl -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file ca.der
Comments