java javax.net.ssl.SSLHandshakeException:握手期间远程主机关闭连接
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11980218/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
提问by user1015715
We have configure a Big F5 load balancer virtual server for a particular IP address which redirects incoming https requests to several Windows servers where there is functionality to generate responses.
我们为特定 IP 地址配置了一个 Big F5 负载平衡器虚拟服务器,它将传入的 https 请求重定向到几个具有生成响应功能的 Windows 服务器。
I am using SoapUI to test access to these windows servers via the IP address of virtual server in the Big F5.
我正在使用 SoapUI 来测试通过 Big F5 中虚拟服务器的 IP 地址对这些 Windows 服务器的访问。
Using Server and Client certificates generated by the organization where the we have also this set up and sending requests via SoapUI I get the predicted responses back.
使用由我们也设置并通过 SoapUI 发送请求的组织生成的服务器和客户端证书,我得到了预测的响应。
The business requirements call for Commercially signed certificates by Thawte.
业务要求需要 Thawte 的商业签名证书。
We created a Certifcate Servcice Request (CSR) to generate a Server certificate and its private key and then we had it signed by Thawte, and also requested a Client Commercially signed certificate from Thawte.
我们创建了一个证书服务请求 (CSR) 来生成服务器证书及其私钥,然后我们让 Thawte 对其进行签名,并且还向 Thawte 请求了客户端商业签名证书。
We loaded both certificates in SoapUI client and the Big F5 load balancer but we attempting to test the requests we get the "javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake" error.
我们在 SoapUI 客户端和 Big F5 负载均衡器中加载了两个证书,但我们尝试测试我们收到“javax.net.ssl.SSLHandshakeException:握手期间远程主机关闭连接”错误的请求。
My questions are: How can I monitor where exactly the 2 way SSL handshake is terminated The actual reason what exactly is happening?.. why using commercially signed certificates this does not work now?
我的问题是:如何监控 2 种方式的 SSL 握手到底在哪里终止 究竟发生了什么?.. 为什么使用商业签名的证书现在不起作用?
Any replies are welcome. Thanks.
欢迎任何回复。谢谢。
However when we swithch Serverto commercially signed by Thawte
但是,当我们将 Server 切换到 Thawte 的商业签名时
回答by CS Pei
This is possibly due to the Java security feature. If so you need to edit the soapui-4.x.x.vmoptions file located at soapui-4.x.x\binfolder and add -Dsun.security.ssl.allowUnsafeRenegotiation=trueto the end.
这可能是由于 Java 安全功能所致。如果是这样,您需要编辑位于soapui-4.x.x\bin文件夹中的 soapui-4.xxvmoptions 文件并将其添加-Dsun.security.ssl.allowUnsafeRenegotiation=true到末尾。
You may also need to export the certificate as a pfx file and set it up in soapUI preference page. For details you can check http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspxand http://forums.devarticles.com/java-development-38/javax-net-ssl-sslhandshakeexception-received-fatal-alert-handshake-failure-11809.html.
您可能还需要将证书导出为 pfx 文件并在 soapUI 首选项页面中进行设置。有关详细信息,您可以查看http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx和http://forums.devarticles.com/java-development-38/javax-net-ssl-sslhandshakeexception-received-fatal-alert-handshake-failure-11809.html。
回答by user207421
The client is a SoapUI request that has not changed except a different client certificate
客户端是一个 SoapUI 请求,除了不同的客户端证书之外没有改变
That suggests that the server doesn't trust the new client certificate, which in turn implies that the client certificate wasn't even sent because it wasn't signed by one of the server's trusted signers. Closing the connection is the server's only real option in this circumstance, as there isn't an SSL alert for it.
这表明服务器不信任新的客户端证书,这反过来意味着客户端证书甚至没有发送,因为它不是由服务器的受信任签名者之一签名的。在这种情况下,关闭连接是服务器唯一真正的选择,因为没有针对它的 SSL 警报。
回答by David
Make sure you have address translation on and the SNAt set to Auto Map for your VIP
确保您打开了地址转换并将 SNAt 设置为 VIP 的自动映射
