Bad Request - This combination of host and port requires TLS. with Spring Boot

I'm newbie with Spring Boot.

I'm trying to make a https call to a service, I have a Privake key to secure connection.

I hit:

 

I tried with https:// but I get from Postman:

Could not get any response There was an error connecting to 

From the moment I wrote

server.ssl.key-store=classpath:KeyStore.jks server.ssl.key-store-password=test 

in application.properties, I get the error message:

Bad Request - This combination of host and port requires TLS

I have deleted all my code in my controller, I just let the endpoint so that I can invoke it.

@RestController @SpringBootApplication public class MainApplication { @RequestMapping(value = "/points/{point}/search", method = RequestMethod.GET) public PointsType getPoint(@PathVariable(value = "point") String point) { System.out.println("hi"); // Never printed return null; } public static void main(String[] args) { SpringApplication.run(MainApplication.class, args); } } 

Here is the file application.properties:

spring.application.name=sge server.port=8081 server.ssl.key-store=classpath:KeyStore.jks server.ssl.key-store-password=test server.ssl.key-alias=homologation-staging server.ssl.trust-store=classpath:TrustStore.jks server.ssl.trust-store-password=test server.ssl.client-auth=need security.require-ssl=true server.tomcat.remote_ip_header=x-forwarded-for server.tomcat.protocol_header=x-forwarded-proto 

What should I do ?

9

4 Answers

I used https:// at the beginning instead of http://, it worked for me.

2

I got this message because I was using wrong certificate.

I misunderstood Client certificate and Server certificate.

In my case, I installed my certificate on the server, for my domain, but what I needed to do instead is to use it to make the request, as a client certificate.

you can check it how to do it here.

Client Certificate Authentication with Spring Boot

So this message is basically saying: "Hey, your SSL request is not OK", I can't find the cert file, or your cert file is not the good one, as @SerdarAtalay says, it can also significate that you didn't use https:// prefix, etc.

Hope it helps!

We can fix this by either of below listed solutions.

  1. Use HTTPS instead of HTTP
  2. Disable TLS encryption from POSTMAN setting and use HTTP
  3. Check application properties server.ssl.enabled= true- HTTPS , false-HTTP
  4. Add correct authorization credential like username and password in POSTMAN enter image description here

[1]: enter image description here

I had this issue when working on a Java Project in Debian 10 with Tomcat as the application server.

The issue was that the application already had https defined as it's default protocol while I was using http to call the application in the browser.

I however tried using the https protocol in the browser but it didn't connect throwing the error:

Secure Connection Failed

An error occurred during a connection to 34.72.188.50:8009. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

Here's how I solved it:

I first had to create a keystore file for the application, more like a self-signed certificate for the https protocol:

sudo keytool -genkey -keyalg RSA -alias tomcat -keystore /usr/share/tomcat.keystore 

Note: You need to have Java installed on the server to be able to do this. Java can be installed using sudo apt install default-jdk.

Next, I added a https Tomcat server connector for the application in the Tomcat server configuration file (/opt/tomcat/conf/server.xml):

sudo nano /opt/tomcat/conf/server.xml 

Add the following to the configuration of the application. Notice that the keystore file location and password are specified. Also a port for the https protocol is defined, which is different from the port for the http protocol:

<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/usr/share/tomcat.keystore" keystorePass="my-password" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" compression="force" compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/> 

So the full server configuration for the application looked liked this in the Tomcat server configuration file (/opt/tomcat/conf/server.xml):

<Service name="my-application"> <Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/usr/share/tomcat.keystore" keystorePass="my-password" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" compression="force" compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/> 
 <Connector port="8009" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <Engine name="my-application" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" /> </Host> </Engine> </Service> 

This time when I tried accessing the application from the browser using:

 

In my case it was:

https:35.123.45.6:8443 

it worked fine. Although, I had to accept a warning which added a security exception for the website, since the certificate used is a self-signed one.

That's all.

I hope this helps

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like