This repository has been archived by the owner on Feb 24, 2022. It is now read-only.

how to use etcd4j with SSL #162

Open
belovers opened this issue Nov 23, 2017 · 9 comments

Comments

@belovers

The doc says:
Setting up SSL (You need to set up the server with SSL)

SslContext sslContext = SslContext.newClientContext();

try(EtcdClient etcd = new EtcdClient(sslContext,
URI.create("https://123.45.67.89:8001"),
URI.create("https://123.45.67.90:8001"))){
// Logs etcd version
System.out.println(etcd.getVersion());
}

But this method is out of date.
How can I generate sslContext?

@ajaygk95

If you have pem certs used for your etcd-server then you can use
File clientCertFile = new File(CLIENT_CERT_FILE);
File clientKeyFile = new File(CLIENT_KEY_FILE);
File caFile = new File(CA_FILE);
SslContext sslContext = SslContextBuilder.forClient().trustManager(caFile).keyManager(clientCertFile, clientKeyFile).build();
etcdClient = new EtcdClient(sslContext, baseUris);

@belovers
Author

belovers commented Nov 28, 2017

Yeah, I really do it like this:

File clientCertFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\etcd.pem");
File clientKeyFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\etcd-key.pem");
File caFile = new File("E:\\eclipse\\workspace\\test-etcd4j\\ca.pem");
System.out.println("1");
SslContext sslContext = SslContextBuilder.forClient().trustManager(caFile).keyManager(clientCertFile, clientKeyFile).build();
etcdClient = new EtcdClient(sslContext, URI.create("https:\\98.0.69.1:2379"));
System.out.println("2");

Question:
The Eclipse console only prints "1" and then it is over? (Both etcd.pem and etcd-key.pem are generated by OpenSSL tools.)

@ajaygk95

ajaygk95 commented Nov 29, 2017

In URI.create the URI "slash" is https://98.0.69.1:2379. You are using \\ (back-slashes).

@ajaygk95

Is it working?

@belovers
Author

belovers commented Dec 1, 2017

Thank you for the reminder, but it does not work either....

@ajaygk95

ajaygk95 commented Dec 1, 2017

Okay.
Can you directly use curl to get keys? What is your etcd version? This client is only for etcdv2.
You can use "curl --cacert ca.pem --key etcd-client-key.pem --cert etcd-client.pem https://98.0.69.1:2379/v2/keys/".
If curl is not working and is hanging, the etcd server has some issues.

And also, can you enable logging (for your Java code) to debug and attach the logs?

@belovers
Author

belovers commented Dec 4, 2017

"curl --cacert ca.pem --key etcd-client-key.pem --cert etcd-client.pem https://98.0.69.1:2379/v2/keys/" is OK. I will try to get some logs. Thank you.

@ajaygk95

ajaygk95 commented Dec 6, 2017

Any updates/logs?

@dgutierrez-stratio
Contributor

dgutierrez-stratio commented Dec 22, 2017

I am currently using this solution for keystores

final KeyStore ks = KeyStore.getInstance("JKS");
final FileInputStream keyFile = new FileInputStream("/path_to_jks");
ks.load(keyFile, "jks_key".toCharArray());
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "jks_key".toCharArray());

SslContextBuilder ctxBuilder = SslContextBuilder.forClient().keyManager(kmf);
SslContext sslCtx = ctxBuilder.build();

EtcdClient etcd = new EtcdClient(sslCtx, new URI("https://10.200.1.244:2379"));

Hope it helps
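
Added example, not part of the thread and not etcd4j's own code: a mutual-TLS client check that pins trust to the given CA file, validates the endpoint URI before use, and prints any exception instead of stopping silently. The class and helper names (`EtcdMutualTlsCheck`, `httpsEndpoint`, `pkcs8Key`) and the command-line arguments are assumptions; the key-header check reflects that Netty documents the `keyManager(File, File)` key argument as a PKCS#8 private key in PEM format.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import mousio.etcd4j.EtcdClient;

import java.io.File;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

public class EtcdMutualTlsCheck {
    // Hypothetical helper: accept only well-formed https endpoints.
    static URI httpsEndpoint(String s) {
        // URI.create throws IllegalArgumentException on illegal characters such as '\'
        URI uri = URI.create(s);
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("not an https://host:port endpoint: " + s);
        }
        return uri;
    }

    // Hypothetical helper: check the PEM header before handing the key to Netty.
    static File pkcs8Key(String path) throws Exception {
        File f = new File(path);
        String pem = new String(Files.readAllBytes(f.toPath()), StandardCharsets.US_ASCII);
        if (!pem.contains("-----BEGIN PRIVATE KEY-----")) {
            throw new IllegalArgumentException(path + " is not an unencrypted PKCS#8 PEM key");
        }
        return f;
    }

    public static void main(String[] args) {
        // Arguments (placeholders): <ca.pem> <client-cert.pem> <client-key.pem> <https://host:port>
        if (args.length != 4) {
            System.err.println("usage: EtcdMutualTlsCheck ca cert key endpoint");
            return;
        }
        try {
            URI endpoint = httpsEndpoint(args[3]);
            SslContext ssl = SslContextBuilder.forClient()
                    .trustManager(new File(args[0]))                  // trust only this CA file
                    .keyManager(new File(args[1]), pkcs8Key(args[2])) // client certificate and key
                    .build();
            try (EtcdClient etcd = new EtcdClient(ssl, endpoint)) {
                System.out.println("etcd version: " + etcd.getVersion());
            }
        } catch (Exception e) {
            e.printStackTrace(); // print the failure instead of ending without output
        }
    }
}
```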
