问题
I am trying to setup a java application to connect to Hashicorp's vault and authenticate using the TLS backend (using an SSL Certificate)
I am using apache httpcomponents 4.4 as follows:
final CloseableHttpClient httpclient = HttpClients.custom().setSSLContext(mySslContext).build();
final CloseableHttpResponse response = httpclient.execute(myRequest)
where myRequest is a Post call on the url: https://127.0.0.1:8200/v1/auth/cert/login
and mySslContext is built using the keystore file
I have setup vault as follows:
vault server -dev
vault auth-enable cert
vault write auth/cert/certs/default display_name=default policies=default certificate=@C:/dev/keys/vault/vaultPriKey.pem ttl=3600
Yet when i try to execute the request I get:
Unrecognized SSL message, plaintext connection?
Am i missing some form of configuration?
回答1:
I needed to setup vault without the dev environment
This sample configuration was used: (Note that by not using -dev you need to initialise and unseal it)
backend "inmem" {
address = "127.0.0.1:8500"
path = "vault"
}
listener "tcp" {
address = "127.0.0.1:9000"
tls_disable = 1
}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 0
tls_cert_file = "C:/my/server.pem"
tls_key_file = "C:/my/serverkey.pkcs8"
}
And like so you can connect using ssl over 8200 and without ssl on 9000
来源:https://stackoverflow.com/questions/36677778/hashicorp-vault-unrecognized-ssl-message-plaintext-connection