Some of FusionAuth APIs start failing when enabling SSL on FusionAuth server.

[cherryfusionauth]

(Problem with enabling SSL on FusionAuth service)

Description

When customer enable SSL on fusionauth service, the admin UI start failing on certain operations (for instance, creating a new Tenant) and the same APIs fail locally with localhost https as well.

Observed versions

FusionAuth version [1.48.3]

Affects versions

The version, or versions where this bug exists. If you do not know, please leave blank for now.

Steps to reproduce

Steps to reproduce the behavior:

1. Create a self signed cert with mkcert (mkcert: A convenient tool for generating locally-trusted certificates for development purposes.)

2. rename the generated files .pem(localhost-key.pem localhost.pem ) to .key and .crt file

3. Add the following information to your docker-compose.yml file (or your docker run command if that is how you are running it).
   environment:
   FUSIONAUTH_APP_HTTPS_PORT: 9013
   FUSIONAUTH_APP_HTTPS_ENABLED: "true"
   FUSIONAUTH_APP_HTTPS_CERTIFICATE_FILE: /usr/local/etc/localhost.crt
   FUSIONAUTH_APP_HTTPS_PRIVATE_KEY_FILE: /usr/local/etc/localhost.key
   ports:

   • 9013:9013
     volumes:
   • /$(yourpathonyourlocalhost)/localhost.crt:/usr/local/etc/localhost.crt
   • /$(yourpathonyourlocalhost)/localhost.key:/usr/local/etc/localhost.key

4. run docker compose up -d

5. log in to your https://localhost:9013

6. log in as your admin user

7. Create a Tenant

8. See error

9. Do the same thing via http://localhost:9011 and see everything successful

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem. Delete this section if it is not applicable.

Platform

(Please complete the following information)

• Device: MackPro
• OS: macOS
• Browser + version Chrome of any version
• Database Postgres

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

Exception in the logs:
2024-01-16 09:02:48 java.lang.IllegalStateException: A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.
2024-01-16 09:02:48 at io.fusionauth.http.server.HTTPS11Processor.read(HTTPS11Processor.java:191)
2024-01-16 09:02:48 at io.fusionauth.http.server.HTTPS11Processor.handleHandshake(HTTPS11Processor.java:370)
2024-01-16 09:02:48 at io.fusionauth.http.server.HTTPS11Processor.wrote(HTTPS11Processor.java:311)
2024-01-16 09:02:48 at io.fusionauth.http.server.HTTPServerThread.write(HTTPServerThread.java:394)
2024-01-16 09:02:48 at io.fusionauth.http.server.HTTPServerThread.run(HTTPServerThread.java:178)

Related

• HTTPS not working in 1.47.1 #2498
• TLS fixes java-http#16

[robotdan]

Likely duplicate of #2498

[robotdan]

Closing as duplicate of #2498