mohamed-taman / Springy-Store-Microservices

Springy Store is a conceptual simple μServices-based project using the latest cutting-edge technologies, to demonstrate how the Store services are created to be a cloud-native and 12-factor app agnostic. Those μServices are developed based on Spring Boot & Cloud framework that implements cloud-native intuitive, design patterns, and best practices.
https://mohamed-taman.github.io/Springy-Store-Microservices/
MIT License
573 stars, 179 forks

NET::ERR_CERT_INVALID when starting the app #78

Open pchico83 opened 4 years ago

pchico83 commented 4 years ago

Describe the bug

I am getting certificate errors when starting the app.

To Reproduce

Steps to reproduce the behavior:

1 - ./setup.sh
2 - ./mvnw clean verify -Ddockerfile.skip
3 - docker-compose -p ssm up -d

If I go to https://localhost:8443/swagger-ui.html, I get this error:

[Screenshot 2020-07-31 at 15 30 03]

Checking the gateway logs with docker logs -f ssm_gateway_1:

2020-07-31 13:33:26.373 ERROR [gateway,,] 1 --- [or-http-epoll-4] reactor.netty.transport.ServerTransport  : [id: 0x7a52d1cc, L:/172.18.0.13:8443 ! R:/172.18.0.1:51036] onUncaughtException(SimpleConnection{channel=[id: 0x7a52d1cc, L:/172.18.0.13:8443 ! R:/172.18.0.1:51036]})

io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-transport-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792) ~[netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar:4.1.50.Final]
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:475) ~[netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar:4.1.50.Final]
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) ~[netty-transport-native-epoll-4.1.50.Final-linux-x86_64.jar:4.1.50.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[netty-common-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.50.Final.jar:4.1.50.Final]
    at java.base/java.lang.Thread.run(Thread.java:832) ~[na:na]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356) ~[na:na]
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:202) ~[na:na]
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[na:na]
    at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) ~[na:na]
    at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1372) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1267) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1314) ~[netty-handler-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440) ~[netty-codec-4.1.50.Final.jar:4.1.50.Final]
    ... 15 common frames omitted

2020-07-31 13:33:26.369 ERROR [gateway,,] 1 --- [or-http-epoll-3] reactor.netty.transport.ServerTransport  : [id: 0x17f383ab, L:/172.18.0.13:8443 ! R:/172.18.0.1:51032] onUncaughtException(SimpleConnection{channel=[id: 0x17f383ab, L:/172.18.0.13:8443 ! R:/172.18.0.1:51032]})

Expected behavior

It works.

Desktop (please complete the following information):

Additional context

Not sure if it might be my JDK 15 installation? If you push your images to Docker Hub, I can also give them a try.

pchico83 commented 4 years ago

Tests are all passing. Everything looks good but the certificate.

pchico83 commented 4 years ago

@mohamed-taman any update on this issue? or guidance on how to solve it?

gwokudasam commented 4 years ago

I also got the same error

On Fri, Jul 31, 2020 at 3:43 PM Pablo Chico de Guzman <notifications@github.com> wrote:

> Tests are all passing. Everything looks good but the certificate.


mohamed-taman commented 4 years ago

Hi @gwokudasam @pchico83, I will work on it once I come back from my vacation, but it is not enabled yet through API Gateway, this is why you can access it yet.

pchico83 commented 4 years ago

@mohamed-taman I am trying to run the app on Kubernetes, behind an nginx ingress controller that provides HTTPS termination. Is it possible to expose the gateway on HTTP?

mohamed-taman commented 4 years ago

> @mohamed-taman I am trying to run the app on Kubernetes, behind an nginx ingress controller that provides HTTPS termination. Is it possible to expose the gateway on HTTP?

Yes, you can, just from API Gateway disable the https property and related certificates properties and it will work normally as HTTP.
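
The change described in the reply above, sketched for the Kubernetes setup mentioned in the question (an added example, not the project's own manifests). It sets standard Spring Boot properties through environment variables; the resource names, image, host, TLS secret and port 8080 are placeholders.

```yaml
# Added example: names, image, host and ports are assumptions, not project values.
# Gateway Deployment: switch off the embedded TLS listener using standard
# Spring Boot properties passed as environment variables (relaxed binding).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway                                  # hypothetical name
spec:
  selector:
    matchLabels: {app: gateway}
  template:
    metadata:
      labels: {app: gateway}
    spec:
      containers:
        - name: gateway
          image: registry.example/ssm-gateway:placeholder   # placeholder image
          ports:
            - containerPort: 8080
          env:
            - name: SERVER_PORT                  # server.port
              value: "8080"
            - name: SERVER_SSL_ENABLED           # server.ssl.enabled
              value: "false"
            # Honour X-Forwarded-Proto/-Host set by the ingress so redirects
            # and generated links keep the external https:// scheme.
            - name: SERVER_FORWARD_HEADERS_STRATEGY   # server.forward-headers-strategy
              value: "framework"
---
# Ingress: TLS terminates here with a certificate the browser trusts;
# the controller talks plain HTTP to the gateway Service (Service not shown).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gateway
spec:
  ingressClassName: nginx
  tls:
    - hosts: [store.example.test]                # placeholder host
      secretName: store-tls                      # placeholder TLS secret
  rules:
    - host: store.example.test
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: gateway, port: {number: 8080}}
```

Forwarded headers should only be trusted when the gateway is reachable solely through the ingress (ClusterIP Service, network policy), since any client that can reach the pod directly can set them. Traffic between the ingress controller and the pod is unencrypted in this layout.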

mohamed-taman commented 4 years ago

@pchico83 Just in two weeks or less, I will start to migrate this project fully to work on K8s and adding a Monitoring stack as well. So stay tuned.

pchico83 commented 4 years ago

@mohamed-taman :popcorn: