-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Whois doesnot work on HTTPS #1588
Comments
Hello @gonghewan what is the output from : |
I tried to place server.key, server.crt and ca.crt into apache2, and apache2 works fine based on HTTPS. Like:
Btw, I found that whois has a log says: |
I create a new key and cert and verify them by openssl again, it also works fine in apache2:
Server.key:
ca.key:
ca.crt:
However, when i use in Whois, it still failed:
more details:
Also, I try to use sslContextFactory.setIncludeCipherSuites() and remake whois to add some ciphers, but it doesn't work.
Openssl version:
|
Hi @gonghewan I see the alternative name in the server certificate is
|
It's a fake dns, and I get the same result:
|
Empty ciphers is OK. What matters is that the certificate is found:
Maybe the issue is that Jetty does not trust a self-signed certificate. We use Let's Encrypt to generate per-host certificates. |
Try using the "-k" flag for curl to trust the self-signed certificate, i.e.
|
Resolved it by |
I try to configure HTTPS on whois, and terminal shows startup log:
2024-11-15T03:18:44,106 INFO [Server] Started Server@68c06a2{STARTING}[11.0.20,sto=0] @8333ms
2024-11-15T03:18:44,106 INFO [JettyBootstrap] Jetty started on HTTP port 40931 HTTPS port 34061
2024-11-15T03:18:44,106 INFO [JettyBootstrap] Certificate: X509@54a0ada1(cn=unknown,ou=unknown,o=unknown,l=unknown,st=unknown,c=unknown,h=[unknown],a=[],w=[])
2024-11-15T03:18:44,107 INFO [JettyBootstrap] Selected Protocols [TLSv1.3, TLSv1.2]
2024-11-15T03:18:44,107 INFO [JettyBootstrap] Selected Ciphers []
2024-11-15T03:18:44,107 INFO [WhoisServer] Initializing: net.ripe.db.whois.query.QueryServer@7a087132
2024-11-15T03:18:44,116 INFO [QueryServer] Query server listening on 33533
2024-11-15T03:18:44,117 INFO [WhoisServer] Running version: 1.114-SNAPSHOT (commit: 3b671aa)
2024-11-15T03:18:44,119 INFO [WhoisServer] HOME: /home/dbase
2024-11-15T03:18:44,119 INFO [WhoisServer] LANG: en_US.UTF-8
...
Then i visit localhost:40931/whois/metadata/templates/inetnum, it works and I get the correct answer, but when i try localhost:34061/whois/metadata/templates/inetnum, i got ERR_INVALID_HTTP_RESPONSE and the whois log shows nothing new.
Here is my configure:
First, i use keytool generate cert and key
keytool -genkeypair -alias whois -keyalg RSA -keysize 4096 -storetype JKS -keystore whois.jks -valid ity 3650 -storepass 20240731
keytool -export -alias "whois" -keystore whois.jks -storetype JKS -storepass "20240731" -rfc -file "whois.cer"
keytool -v -importkeystore -srckeystore whois.jks -srcstoretype jks -srcstorepass 20240731 -destkeystore whois.pfx -deststoretype pkcs12 -deststorepass 20240731 -destkeypass 20240731
openssl pkcs12 -in whois.pfx -nocerts -nodes -out whois.pri.key
Second, i change the properties file of whois:
# Service ports
# HTTPS
whois.private.keys=/home/dbase/whois.pri.key
whois.certificates=/home/dbase/whois.cer
whois.keystore=/home/dbase/whois.jks
port.api.secure=0
The text was updated successfully, but these errors were encountered: