Remoting SSL configuration

I am currently pulling my hair out trying to set up SSL/TLS for actor communication over the cluster. This is mainly because it’s a rather new territory for me.

Where can I find (more) documentation about the configuration for SSL? Does any of https://lightbend.github.io/ssl-config/ExampleSSLConfig.html apply to https://doc.akka.io/docs/akka/current/remoting.html#remote-security?

I can sign my own certs with my own CA and put them into .jks files and give them to Akka, but that doesn’t work. I.e. something I’m doing is wrong. I’ve also followed the guide https://lightbend.github.io/ssl-config/CertificateGeneration.html#using-keytool.

I’ve done the same for other cluster applications, i.e. setting up TLS communication with mutual validation using a custom CA. There must be requirements for Java/Akka I’m not aware of, and seems difficult to find out what they are.

Especially, when all the JVM says is things like

Remote connection to [/192.168.3.202:38748] failed with javax.net.ssl.SSLHandshakeException: General SSLEngine problem"

I’m always happy when I get the JVM error message to change to something else, but I’d be more happy to get it actually to work.

On a side note, I got it to work now (as usual shortly after make a post).

What was the issue? Don’t know. I just went through the whole process again, and this time the cluster is happy as if nothing ever happened.

I’d still be happy if there are additional resources on how to configure things.

You can use https://github.com/tersesystems/debugjsse and get insight into what’s going on under the hood. SSL config also has a number of debug options.