Is it possible to configure Lagom to work with SSL/TLS connections?
I generated keystore and trustore files using Java KeyTool,
I tried to configure play framework in the application.conf file to work with the generated files with no success.
Thanks for the help.
Since 1.5.x Lagom version, the use of SSL has been supported:
https://www.lagomframework.com/documentation/1.6.x/java/ConfiguringServicesInDevelopment.html#Using-HTTPS-in-development-mode
Related
Is it possible to use Kafka with SSL encryption but with no server verification nor client authentication?
I know that by default the latter is disabled, but is it possible to also disable the former?
I encountered the similar problem. Since kafka is a java process, it will load the default jdk certs when running, which is under /usr/local/jdk/jre/lib/security/cacerts. if your server is trusted there, (in my scenario, my kakfa server is MSK, and is trusted already), then you don't have to config all the keys and certs.
So all in all, I only added kafka config of security.protocol=SSL and it worked.
I basically follow the steps in this question to create SSL certificates for ActiveMQ. Now with some help, I can connect my C# application to ActiveMQ. However when I tried to connect my Angular application to it, I got ERR_CERT_COMMON_NAME_INVALID error.
I actually have an ActiveMQ instance running in AmazonMQ and it works fine with my Angular application. So I think this is the issue of the certificate when I try to run the ActiveMQ in my own docker image.
For some details, I am using a domain name dev.com pointing to 127.0.0.1, which is set in host file. I am using dev.com to access both C# application and Angular application so I plan to use wss://dev.com:61619 to access ActiveMQ from my Angular application. When I generate keystore, I specify dev.com as the CN. In addition, I have another self-signed certificate generated with OpenSSL for Angular and C# application, not sure if there will be any conflict between them.
Can anyone please help to see what could be wrong?
Thank you
I have a bunch of linux servers configured to push logs to another fluentd server using the fluent-secure-output plugin. Now I'd like to configure our windows servers using nxlogs.
I read a bit on the om_ssl nxlogs module, but I am puzzled about the shared key. Basically, fluentd's secure-output plugin requires a shared key to be identical everywhere for authentication (this is not tied to the certificates at all). But I can't see how I could specify this key in nxlog's om_ssl configuration.
Is this even supported at all? Is it possible to use nxlogs to forward to an ssl fluentd server?
It looks like they have their own authentication protocol over TLS that uses shared_keys (i.e. passphrase) on the client side instead of using private keys. I don't know why that is needed but NXLog and most other log aggregator solutions (rsyslog, syslog-ng, logstash, etc) use plain TLS which can provide proper authentication for both the client and the server.
The protocol is described in their GitHub README and I doubt it will work with NXLog's om_ssl or anything else other than Fluentd's out_secure_forward.
The Fluentd input/output plugin to forward fluentd messages over SSL with authentication, works only between the two plugin (which is actually the same one) using authentication by shared_key check from both of client(out_secure_forward) and server(in_secure_forward).
So unfortunately you can't sent it through your nxlog only through out_secure_forward.
I'm using RoboMQ to build a MQ to MQ service over SSL. I've got a keystore (key.jks) and I'm setting the following system properties to configure the SSL:
javax.net.ssl.keyStore
javax.net.ssl.trustStrore
javax.net.ssl.keyStorePassword
However, our email server requires SSL and setting up SSL in this way in RoboMQ stops it from working - I guess because it overrides the default cacerts which has the certificates in that the email client needs.
How can I get these 2 things to play nicely together?
You are correct - setting the above system properties will override cacerts JVM
wide. You need to use a custom socket factory for the SSL MQ connections
The RoboMQ SDK provides support for this via:
com.am.robomq.sdk.camelSpring.RoboSSLSocketFactory
But the easiest way to build your Camel MQ endpoints is to use the MQ Connection Wizard:
http://www.robomq.com/product_manual/index.html#serviceBuilderPanel
It basically lets you to pick a connection factory from your connection palette
and then generates the Spring definitions needed by Camel.
I am using Https and Tcp over SSL in java application with keystores and truststores. I use selfsigned certificates generated by java keytool. I am came to know about HeartBleed vulnerability with openSSL, do I need to change any implementation from java side or I am on safe side. can anyone please give details.
Java does not use OpenSSL, although some Java applications like Tomcat can. As you're using keystores and truststores, you must be using JSSE rather than OpenSSL.