Web service client application on WebLogic invoking a web service
I have a web application on WebLogic 10.3.3 which is the client for invoking a secure web service.
Note: I have been able to test the web service through a stand-alone Java class by setting the two properties below:
System.setProperty("javax.net.ssl.keyStore", "C:/keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "######");
But when I try to deploy the client application to WebLogic, it gives me the below error:
weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Failed to receive message javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from ******* was not trusted causing SSL handshake failure.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
In the WebLogic console I have checked the "SSL Listen Port Enabled" checkbox.
In the Keystores tab I have selected "Custom identity and Standard Trust Store". And for custom identity I have pointed to C:/keystore.jks.
Comments (1)
The keystore is where you put your keys. You will use these to prove who you are to your peer. This is most likely what is meant by "Custom Identity". The truststore is where you put your trust anchors. These are the certificates that you already trust, and your peer must present you a certificate chain that ends with one of the certificates in the trust store. As a degenerate case, you can put the peer certificate itself right into this truststore. This degenerate case must be used for self-signed certificates.
For most normal SSL uses the truststore includes well-known CA roots like Verisign, Thawte, GoDaddy, Comodo, GlobalSign, etc. The Oracle JRE includes a truststore in a file usually named cacerts that contains a large collection of such CA roots that Oracle thinks should be there. This is most likely what is meant by "Standard Trust Store". I'm guessing your peer is using a self-signed certificate. Therefore you should use a custom truststore containing this certificate.
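An added example (not part of the original question or answer): a small Java check, using the JDK's standard JSSE classes rather than WebLogic's own SSL implementation, that loads a truststore and reports whether a peer certificate is accepted against it. The class name TrustCheck, the argument order, the "ECDHE_RSA" auth type, and the default of the JRE's cacerts with its stock password "changeit" are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustCheck {
    // Build a trust manager whose only trust anchors are the entries of the given truststore.
    static X509TrustManager trustManagerFor(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's bundled cacerts ("standard trust") and its stock password.
        String store = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        X509TrustManager tm = trustManagerFor(store, pass);
        System.out.println(store + ": " + tm.getAcceptedIssuers().length + " trust anchors");
        if (args.length < 3) return;

        // Optional third argument: the peer's certificate (PEM or DER), exported beforehand.
        X509Certificate peer;
        try (InputStream in = new FileInputStream(args[2])) {
            peer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean selfSigned = peer.getSubjectX500Principal().equals(peer.getIssuerX500Principal());
        System.out.println("peer subject: " + peer.getSubjectX500Principal() + (selfSigned ? " (self-signed)" : ""));
        try {
            // Only the leaf is supplied, so it must be an anchor itself or be issued directly by one.
            tm.checkServerTrusted(new X509Certificate[] { peer }, "ECDHE_RSA");
            System.out.println("TRUSTED by this truststore");
        } catch (CertificateException e) {
            System.out.println("NOT TRUSTED: " + e.getMessage());
        }
    }
}
```

Running it once against cacerts and once against a custom truststore, with the same exported peer certificate, shows which store actually contains an anchor for the peer.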