I have some problems with the Akka http client-side configuration. I am trying to connect to a server that does not provide: - a publicly signed certificate - a certificate that matches the host name I do not have a hand on this nginx, so I can not change the configuration on the server side. I can only change the client side.
After much research on configuring SSL, I found that I need to configure SSL settings in application.conf at two different levels:
akka.ssl-config.ssl.loose.acceptAnyCertificate=true akka.ssl-config.loose.disableHostnameVerification = true
and
ssl-config.loose.acceptAnyCertificate=true ssl-config.loose.disableHostnameVerification = true
I checked the configuration ok with
log-config-on-start = "on"
The problem is that I still get the error at the aka debug level (not very clear)
[ingestionApiClient-akka.actor.default-dispatcher-13] [akka:
Looking at wirehark, I found that the certificate verification problem
TLSv1 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
I believe that the JVM configuration overrides everything I did, so I also tried using this method to change the JVM SSL configuration: Java SSL: how to disable host name verification
There is no problem setting up SSLContext and passing it to akka http, because I can set the default HttpsContext with
val sc = SSLContext.getInstance("TLS") *...configuration...* val customContext =HttpsContext(sc, sslParameters = Some(params)) Http().setDefaultClientHttpsContext(customHttpsContext)
But I still can't configure the default name verifier. The Http class does not have a method like Http().setDefaultHostnameVerifier
This is how I connect to the server
val dataIngestFlow = Http().outgoingConnectionTls(config.httpEndpointHost,config.httpEndpointPort)
How can i achieve this? Many thanks for your help.