Certificate error REDIS TLS/SSL (wiki making cert section) #18

jeremus opened this issue Aug 11, 2021 · 15 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request help wanted Extra attention is needed ON HOLD ah this thing need to wait. priority: Medium question Further information is requested


jeremus commented Aug 11, 2021

Hi, I am having trouble connecting the plugins to my Redis networks in SSL/TLS.
I have the following error:

java.lang.RuntimeException: Unable to connect to your Redis server!
at com.imaginarycode.minecraft.redisbungee.RedisBungee.onEnable(RedisBungee.java:240)
at net.md_5.bungee.api.plugin.PluginManager.enablePlugins(PluginManager.java:250)
at net.md_5.bungee.BungeeCord.start(BungeeCord.java:310)
at net.md_5.bungee.BungeeCordLauncher.main(BungeeCordLauncher.java:43)
at net.md_5.bungee.Bootstrap.main(Bootstrap.java:15)
Caused by: com.imaginarycode.minecraft.redisbungee.internal.jedis.exceptions.JedisConnectionException: Could not get a resource from the pool
at com.imaginarycode.minecraft.redisbungee.internal.jedis.util.Pool.getResource(Pool.java:59)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.JedisPool.getResource(JedisPool.java:330)
at com.imaginarycode.minecraft.redisbungee.RedisBungee.loadConfig(RedisBungee.java:464)
at com.imaginarycode.minecraft.redisbungee.RedisBungee.onEnable(RedisBungee.java:236)
... 4 more
Caused by: com.imaginarycode.minecraft.redisbungee.internal.jedis.exceptions.JedisConnectionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.imaginarycode.minecraft.redisbungee.internal.jedis.Connection.flush(Connection.java:273)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.Connection.getStatusCodeReply(Connection.java:200)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.BinaryJedis.auth(BinaryJedis.java:2387)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.JedisFactory.makeObject(JedisFactory.java:153)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.create(GenericObjectPool.java:889)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:424)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:349)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.util.Pool.getResource(Pool.java:50)
... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1356)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1174)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:819)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1189)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.util.RedisOutputStream.flushBuffer(RedisOutputStream.java:52)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.util.RedisOutputStream.flush(RedisOutputStream.java:133)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.Connection.flush(Connection.java:270)
... 14 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340)
... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 35 more

I guess this is because I didn't put a certificate in the JRE root of my Java?
Do you have any idea how I should create or configure them, and in which file or folder I should place them?

Another question: as a Java developer, I followed this tutorial: https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

If you can help me, that would be great,
because even with my plugins I cannot manage the connection correctly. When I do the test with the InstallCert.java class, the first time it creates the file correctly, but the second time, at the verification, I have this error:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at fr.strikoo.InstallCert.main(InstallCert.java:167)


@jeremus jeremus added the question Further information is requested label Aug 11, 2021
@jeremus jeremus assigned ghost and ham1255 Aug 11, 2021
Author

jeremus commented Aug 11, 2021

I am aware that part of my request is not about the plugins, but if you have any information I really need it!


ghost commented Aug 11, 2021

you need to use keytool: https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.2/html/security_guide/add_a_certificate_to_a_truststore_using_keytool

then use JVM arguments like this:
-Djavax.net.ssl.trustStore=filename.someextension -Djavax.net.ssl.trustStorePassword=changeit
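
Added example, not part of the thread or of RedisBungee's code: a stand-alone Java check that loads a truststore file like the one the JVM arguments above point to, attempts a TLS handshake with the Redis server, and reports which layer failed, keyed on the error strings posted in this thread. The class name, host, port, file name and password are placeholders.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Collections;

// Added example; host, port, truststore path and password are placeholders.
public class RedisTlsCheck {
    // Map an exception to the layer that failed, using messages seen in this thread.
    static String classify(Exception e) {
        String m = String.valueOf(e.getMessage());
        if (e instanceof java.net.ConnectException)
            return "NETWORK: no TCP connection (address, port, firewall); TLS never started";
        if (m.contains("PKIX path building failed"))
            return "TRUST: server certificate does not chain to any entry in this truststore";
        if (m.contains("No subject alternative") || m.contains("No name matching"))
            return "HOSTNAME: certificate is trusted but was not issued for this host name";
        if (m.contains("handshake_failure"))
            return "SERVER ALERT: the server aborted the handshake; compare protocol versions,"
                 + " cipher suites and whether the server requires a client certificate";
        return "OTHER: " + e;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "redis.example.internal";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 6379;
        String path = args.length > 2 ? args[2] : "truststore.jks";
        char[] pass = (args.length > 3 ? args[3] : "changeit").toCharArray();

        // Load the file explicitly: a wrong path or password fails here, with a clear error.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        System.out.println("Truststore aliases: " + Collections.list(ks.aliases()));

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // validation stays on; only the anchors change

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also match the certificate to the host name
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("OK: " + s.getSession().getProtocol() + " "
                    + s.getSession().getCipherSuite() + ", peer " + s.getSession().getPeerPrincipal());
        } catch (IOException e) {
            System.out.println(classify(e));
        }
    }
}
```

On Java 11 or later it can be run directly as `java RedisTlsCheck.java <host> <port> <truststore> <password>`.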

Author

jeremus commented Aug 11, 2021

> you need to use keytool: https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.2/html/security_guide/add_a_certificate_to_a_truststore_using_keytool
>
> then use JVM arguments like this:
> -Djavax.net.ssl.trustStore=filename.someextension -Djavax.net.ssl.trustStorePassword=changeit

Must the following two arguments be defined when starting the server? In the start.sh?

-Djavax.net.ssl.trustStore=filename.someextension -Djavax.net.ssl.trustStorePassword=changeit

Author

jeremus commented Aug 11, 2021

It doesn't work.


ghost commented Aug 11, 2021

I do not know then, it works on my network, what is your redis version?


ghost commented Aug 11, 2021

Also, I put the truststore inside the server files directory.

Author

jeremus commented Aug 11, 2021

> I do not know then, it works on my network, what is your redis version?

6.2.5

Author

jeremus commented Aug 11, 2021

I will try tonight or tomorrow I will work. Thank you anyway.

Member

ham1255 commented Aug 11, 2021

I think we might need to make a section in the wiki on how to set up an SSL cert.

@ham1255 ham1255 changed the title Certificate error REDIS TLS/SSL Certificate error REDIS TLS/SSL (wiki making cert section) Aug 11, 2021
@ham1255 ham1255 added documentation Improvements or additions to documentation enhancement New feature or request labels Aug 11, 2021
Author

jeremus commented Aug 12, 2021

Yes I think it can be a good idea, in any case I have to find a way to make it work for my own plugins ^^

Once created, can you give me the link?

Author

jeremus commented Aug 15, 2021

Do you have a tutorial?

Author

jeremus commented Aug 16, 2021

you have solution don't fix

Author

jeremus commented Aug 22, 2021

23:37:20 [WARNING] Exception encountered when loading plugin: RedisBungee
java.lang.RuntimeException: Unable to connect to your Redis server!
at com.imaginarycode.minecraft.redisbungee.RedisBungee.onEnable(RedisBungee.java:251)
at net.md_5.bungee.api.plugin.PluginManager.enablePlugins(PluginManager.java:235)
at net.md_5.bungee.BungeeCord.start(BungeeCord.java:302)
at net.md_5.bungee.BungeeCordLauncher.main(BungeeCordLauncher.java:41)
at net.md_5.bungee.Bootstrap.main(Bootstrap.java:12)
Caused by: com.imaginarycode.minecraft.redisbungee.internal.jedis.exceptions.JedisConnectionException: Could not get a resource from the pool
at com.imaginarycode.minecraft.redisbungee.internal.jedis.util.Pool.getResource(Pool.java:84)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.JedisPool.getResource(JedisPool.java:370)
at com.imaginarycode.minecraft.redisbungee.RedisBungee.loadConfig(RedisBungee.java:476)
at com.imaginarycode.minecraft.redisbungee.RedisBungee.onEnable(RedisBungee.java:247)
... 4 more
Caused by: com.imaginarycode.minecraft.redisbungee.internal.jedis.exceptions.JedisConnectionException: Failed to create socket.
at com.imaginarycode.minecraft.redisbungee.internal.jedis.DefaultJedisSocketFactory.createSocket(DefaultJedisSocketFactory.java:110)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.Connection.connect(Connection.java:226)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.BinaryClient.connect(BinaryClient.java:135)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.BinaryJedis.connect(BinaryJedis.java:309)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.BinaryJedis.initializeFromClientConfig(BinaryJedis.java:87)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.BinaryJedis.<init>(BinaryJedis.java:292)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.Jedis.<init>(Jedis.java:167)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.JedisFactory.makeObject(JedisFactory.java:177)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.create(GenericObjectPool.java:565)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:307)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:428)
at com.imaginarycode.minecraft.redisbungee.internal.commonspool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:232)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.util.Pool.getResource(Pool.java:75)
... 7 more
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.base/java.net.Socket.connect(Socket.java:609)
at com.imaginarycode.minecraft.redisbungee.internal.jedis.DefaultJedisSocketFactory.createSocket(DefaultJedisSocketFactory.java:80)
... 19 more

@ham1255 ham1255 added the help wanted Extra attention is needed label Aug 28, 2021

ghost commented Aug 28, 2021

I use the cert auto-generated during the compilation process of the Redis server and simply add it to a truststore that has other certs.

Member

ham1255 commented Aug 28, 2021

Oops, deleted my comment by accident. Anyway, I will finish the wiki.

@ham1255 ham1255 added ON HOLD ah this thing need to wait. priority: Medium labels Dec 20, 2021
@ham1255 ham1255 modified the milestones: 0.8.0, 0.8.1 Oct 25, 2022
@ham1255 ham1255 modified the milestones: 0.8.0, Docs rewrite Oct 29, 2022
@ham1255 ham1255 removed this from the Docs rewrite milestone Mar 12, 2023