Unable to establish a two-way SSL connection
Using a plain Java client, I'm trying to connect to another web server. It works standalone, but when I deploy on WebLogic and try to connect, it gives the error below.
Server: WebLogic 10.3
Full SSL stack trace: from the stack trace below, it sounds like the handshake is happening, but then it tries to connect again and fails. Please suggest where I'm going wrong.
Code snippet I'm using:
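import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import weblogic.wsee.connection.transport.https.HttpsTransportInfo;

FileInputStream fisjks = null;
FileInputStream fisTrusted = null;
String keyStoreType = "jks";
String passphrase = "password";
String passphraseTrusted = "password";

// Keystore holding the client's private key and certificate (client identity)
KeyStore ks = KeyStore.getInstance(keyStoreType);
fisjks = new FileInputStream("C:/CFC/Certs/client.jks");
ks.load(fisjks, passphrase.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase.toCharArray());

// Truststore holding the certificates used to validate the server's certificate
KeyStore ks1 = KeyStore.getInstance(keyStoreType);
fisTrusted = new FileInputStream("C:/CFC/Certs/clientTruststore.jks");
ks1.load(fisTrusted, passphraseTrusted.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ks1);

// SSLContext built from both stores (not referenced again in this snippet)
SSLContext sslc = SSLContext.getInstance("SSLv3");
sslc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// The WebLogic transport info receives the same key and trust managers
HttpsTransportInfo https = new HttpsTransportInfo();
https.setKeyManagers(kmf.getKeyManagers());
https.setTrustManagers(tmf.getTrustManagers());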
error stack trace:
found key for : 1
chain [0] = [
[
  Version: V3
  Subject: [email protected], CN=dbsinlt3767, OU=deutsche bank, O=deutsche bank, L=sg, ST=sg, C=sg
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus:
144592527724012074845004082487794424487354455673579096476940872358533141438065735825819894128056692571922940458543755331194643176374687100664359963995916933269788855991350833527371185749001888440965012790605437863243747901365797345245355690011955852557580366177837112034836139958497356357064447873318654927713
  public exponent: 65537
  Validity: [From: Sun Mar 13 17:23:02 SGT 2011,
               To: Wed Mar 07 17:23:02 SGT 2012]
  Issuer: [email protected], CN=dbsinws3283, OU=deutsche bank, O=deutsche bank, L=sg, ST=sg, C=sg
  SerialNumber: [ 1001]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74  rated Certificat
0020: 65                                               e

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 75 87 47 BE 09 C0 D9 C7 4F FB 5F 57 1D F7 77 99  u.G.....O._W..w.
0010: CF 12 FB DB                                      ....
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 96 83 10 39 C4 C0 8F 54 5E 0F 85 A0 9C D4 85 71  ...9...T^......q
0010: FC 55 39 9A                                      .U9.
]
]
*
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E  .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at weblogic.wsee.jaxrpc.ServiceImpl.throwServiceException(ServiceImpl.java:174)
    at weblogic.wsee.jaxrpc.ServiceImpl.loadWsdlDefinition(ServiceImpl.java:485)
    at weblogic.wsee.jaxrpc.ServiceImpl.<init>(ServiceImpl.java:119)
    at com.db.luup.InvoiceAgentService_Impl.<init>(Unknown Source)
    at com.db.mobile.test.LuupMobileClientTest1.main(LuupMobileClientTest1.java:78)
Caused by: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:313)
    at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
    at weblogic.wsee.wsdl.WsdlSchema.parse(WsdlSchema.java:136)
    at weblogic.wsee.wsdl.WsdlSchemaImport.parse(WsdlSchemaImport.java:99)
    at weblogic.wsee.wsdl.WsdlSchema.parse(WsdlSchema.java:116)
    at weblogic.wsee.wsdl.WsdlSchema.parse(WsdlSchema.java:73)
    at weblogic.wsee.wsdl.WsdlTypes.parse(WsdlTypes.java:165)
    at weblogic.wsee.wsdl.WsdlDefinitions.parseChild(WsdlDefinitions.java:520)
    at weblogic.wsee.wsdl.WsdlExtensible.parse(WsdlExtensible.java:98)
    at weblogic.wsee.wsdl.WsdlDefinitions.parse(WsdlDefinitions.java:468)
    at weblogic.wsee.wsdl.WsdlDefinitions.parse(WsdlDefinitions.java:403)
    at weblogic.wsee.wsdl.WsdlDefinitions.parse(WsdlDefinitions.java:389)
    at weblogic.wsee.wsdl.WsdlFactory.parse(WsdlFactory.java:79)
    at weblogic.wsee.wsdl.WsdlFactory.parse(WsdlFactory.java:66)
    at weblogic.wsee.jaxrpc.ServiceImpl.loadWsdlDefinition(ServiceImpl.java:476)
    ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
    at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
    at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
    at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
    ... 17 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:330)
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:110)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
    ... 32 more
Comments (2)
The server didn't trust the client certificate, or vice versa.
If the error stack is from the client application, then the file
C:/CFC/Certs/clientTruststore.jks
must have the CA certificate for the server certificate's Issuer. "No trusted certificate found". The client cannot verify the server's certificate since a matching CA certificate is not found in the truststore.
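
The check this answer describes, as an added example (not code from the original post or from WebLogic): it looks in a truststore for the entry that issued and signed each certificate of a server chain. The class name and the three command-line arguments are assumptions, the server's chain is assumed to have been saved to a PEM or DER file beforehand, and this is an issuer lookup only, not full path validation.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example (hypothetical class name): does the truststore hold the issuing CA?
public class TruststoreIssuerCheck {

    // Returns the alias of the truststore entry that issued AND signed cert, or null.
    static String findIssuerAlias(KeyStore ts, X509Certificate cert) throws Exception {
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) c;
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(ca.getPublicKey()); // a matching DN is not enough, check the signature
                return alias;
            } catch (GeneralSecurityException e) {
                // same subject name but a different key: keep looking
            }
        }
        return null;
    }

    // args (assumed): <truststore.jks> <password> <server-chain.pem or .cer>
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        Collection<? extends Certificate> chain;
        try (FileInputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        boolean anchored = false;
        for (Certificate c : chain) {
            X509Certificate x = (X509Certificate) c;
            String direct = ts.getCertificateAlias(x);   // certificate itself is a trusted entry
            String issuer = findIssuerAlias(ts, x);      // or its issuing CA is
            anchored |= direct != null || issuer != null;
            System.out.println(x.getSubjectX500Principal() + " issued by " + x.getIssuerX500Principal());
            System.out.println("  in truststore as: " + direct + ", issuer CA alias: " + issuer);
        }
        System.out.println(anchored ? "Chain reaches a trusted entry"
                                    : "No trusted certificate found for this chain");
        System.exit(anchored ? 0 : 1);
    }
}
```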