HTTPS not working with Keystore #669

Closed
Boreal34 opened this issue Aug 6, 2018 · 1 comment

Boreal34 commented Aug 6, 2018

Request Type

Bug or misunderstanding.

Work Environment

| Item | Value |
|---|---|
| OS version (server) | CentOS 7 |
| OS version (client) | Any OS, but tried on a CentOS 7 client |
| TheHive version / git hash | Latest 3.0.10 |
| Package Type | RPM |
| Browser type & version | Firefox latest |

Problem Description

I created a keystore to enable HTTPS on my TheHive instance. I simply need a self-signed certificate to secure the communication between clients and the server.
So I used keytool, following the DigitalOcean tutorial you link in the configuration section of the Git repo.

After that, I'm able to use TheHive on port 9443, but when I try to retrieve information about the connection, I notice that the communication still uses plain HTTP (Firefox tells me that it's not a secure connection (still http); by the way, I have no information about the certificate which I provided when creating the keystore...).

When I try https://127.0.0.1:9443, it fails with this exact error on a blank page:
"SSL_ERROR_RX_RECORD_TOO_LONG"
So I suppose I did something wrong in the configuration...
If someone could help me with this! Thanks in advance...

My keystore password is OK, I disabled the default HTTP port as you said, and the path of the keystore is OK too.

Steps to Reproduce

  1. Create a keystore; here it's a fresh install of TheHive, with only HTTP activated, on a local instance.

  2. For this, follow "Generate Self-Signed Certificate in New/Existing Keystore" on https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores with the password Azerty1234:! and with the exact same command provided by DigitalOcean (I didn't change the "domain" parameter; should I have?).

  3. Disable the http.port line in application.conf and change a few parameters described here (the password and the path of the keystore):
    https://github.com/TheHive-Project/TheHiveDocs/blob/master/admin/configuration.md#10-https

  4. Test the connection. It shows me the error above over HTTPS, and only allows an HTTP connection on port 9443.

Boreal34 commented Aug 6, 2018

OK, I will answer for other people this could help.

After checking the application.log, I first saw a "keystore not found" error.

--> The problem was not a bad location, but a problem of rights.

Take care to change the location of the keystore to /etc/thehive/

--> I also had a "keystore tampered" error because I had changed the rights while trying to help.
Don't change them, but place it in /etc/thehive/.

Please include this in the doc for beginners.
Thx!

@Boreal34 Boreal34 closed this as completed Aug 6, 2018
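
Added example, not part of the original issue or of TheHive's code: a Python check for the symptom reported above, where a port expected to serve HTTPS answers in plain HTTP. It also shows why a browser then reports SSL_ERROR_RX_RECORD_TOO_LONG: the start of an HTTP reply, read as a TLS record header, yields a length above the TLS limit. The function names and the sample reply are constructed for illustration.

```python
import socket

TLS_MAX_RECORD = 2**14 + 2048  # largest TLSCiphertext length TLS 1.2 allows (RFC 5246)

def as_tls_record_length(first: bytes) -> int:
    """Read bytes 3-4 the way a TLS client reads the record length field."""
    return int.from_bytes(first[3:5], "big")

def classify(first: bytes) -> str:
    """Classify the first bytes a listener sends back."""
    if not first:
        return "no-reply"
    if first.startswith(b"HTTP/"):
        return "plaintext-http"
    # TLS record header: content type 0x14-0x17 followed by major version 0x03
    if len(first) >= 2 and 0x14 <= first[0] <= 0x17 and first[1] == 0x03:
        return "tls"
    return "unknown"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a plaintext HTTP request and classify whatever comes back."""
    request = b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            first = sock.recv(16)
    except (socket.timeout, ConnectionResetError):
        first = b""
    return classify(first)

if __name__ == "__main__":
    sample = b"HTTP/1.1 200 OK\r\n"  # constructed sample reply, not captured traffic
    length = as_tls_record_length(sample)
    print(classify(sample), length, length > TLS_MAX_RECORD)
```

If `probe("127.0.0.1", 9443)` returns `plaintext-http`, the listener on that port is not doing TLS, and the server's application.log is the place to look for the keystore error.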