Tomcat as a client communicating over SSL with multiple independent servers

Posted on 2024-12-06 20:58:59

Here is the scenario:

  • I have multiple application servers running locally for now (they should be running on different hosts) --> each is listening on a different port (at localhost).
  • I have a single client application running on Tomcat.
  • When Tomcat starts up, logging in with different users' details connects to different (above) servers remotely.

My problem is:

  • First, I started up Tomcat and logged in as userA; it then connected successfully to serverA (localhost:1000).
  • Then I logged out.
  • I logged in again as userB, and it did NOT connect to serverB (localhost:1001) as expected; instead, it gave the exception
    "javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown"
  • However, if I restart Tomcat and log in as userB first, it then connects successfully to serverB.

Does anyone know what the problem is?
I really appreciate any suggestion :)

Code for client Tomcat:

SetupClientKeystore();
SetupServerKeystore();
SSLContext sslContext = SetupSSLContext();
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, portNo);
GZIPOutputStream gZipOut = new GZIPOutputStream(socket.getOutputStream()); // no trust certificate found throws here

Code for serverA and B:

setupClientKeyStore();
setupServerKeystore();
setupSSLContext();
server = new ServerSocket(portNo);
SSLServerSocketFactory socketFactory = sslContext.getServerSocketFactory();
serverSocket = (SSLServerSocket) socketFactory.createServerSocket(portNo);
serverSocket.setNeedClientAuth(true);
while (true)
{
    Socket client = serverSocket.accept();
    inStream = client.getInputStream();
    BufferedInputStream bufferedIn = new BufferedInputStream(inStream); // unknown_certificate throws here
    // do something here.....
}

迷鸟归林 2024-12-13 20:58:59

"javax.net.ssl.SSLHandshakeException: Received fatal alert:
certificate_unknown"

This usually indicates that the server's certificate is not trusted.
Could it be that when you log in as userA you load the trusted certificate of serverA and connect, and then when you try to connect to serverB you try to authenticate serverB using the certificate of ServerA (loaded when you logged in as userA)?
As a result the SSL handshake fails.
So when you restart and log in as userB the appropriate certificate (i.e. of ServerB) is loaded and the connection is successful?
You have no code in your post but if you do it as I say, this explains the exception.
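
The separation the answer points to, as an added Java example (not code from the post or from either participant): each target server gets its own SSLContext, built from its own key store and trust store and cached by host:port, so trust material loaded for serverA can never be applied to serverB. The class name PerServerTls, its method names and the single password shared by both stores are assumptions; the post does not show how SetupSSLContext() keeps its state.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.*;

// Hypothetical helper (not from the post): one SSLContext per "host:port", never the JVM-wide default.
public final class PerServerTls {
    private static final Map<String, SSLContext> CONTEXTS = new ConcurrentHashMap<>();

    static KeyStore load(Path file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, pw); }
        return ks;
    }

    // Built only from the stores passed in: no System.setProperty, no SSLContext.setDefault.
    static SSLContext build(Path clientKeyStore, Path serverTrustStore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(clientKeyStore, pw), pw);   // client certificate, needed for setNeedClientAuth(true)
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(serverTrustStore, pw));     // trust anchors for this one server only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static SSLSocket connect(String host, int port, Path keyStore, Path trustStore, char[] pw) throws Exception {
        String key = host + ":" + port;
        SSLContext ctx = CONTEXTS.get(key);
        if (ctx == null) {                        // cached per endpoint, so serverA's context is never reused for serverB
            ctx = build(keyStore, trustStore, pw);
            CONTEXTS.put(key, ctx);
        }
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try { socket.startHandshake(); } catch (Exception e) { socket.close(); throw e; } // fail here, not on first write
        return socket;
    }

    // Usage: java PerServerTls <host> <port> <clientKeyStore> <serverTrustStore>
    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("Store password: "); // needs an interactive terminal
        try (SSLSocket s = connect(args[0], Integer.parseInt(args[1]), Paths.get(args[2]), Paths.get(args[3]), pw)) {
            System.out.println("Handshake OK: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

Running it against each server in turn within one JVM, without a restart, shows whether the handshake failure follows the trust store or the order of logins.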
