java SSL 握手错误 javax.net.ssl.SSLHandshakeException 收到致命警报 bad_certificate
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17569066/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SSL handshake error javax.net.ssl.SSLHandshakeException Received fatal alert bad_certificate
提问by Rahul Mohan
I am executing the below cURL command and I am getting proper response from the server:
我正在执行下面的 cURL 命令并且我从服务器得到正确的响应:
curl -k --cert ./xevias.com.crt --key ./xevias.com.key --pass USSEQUX90 --cacert ./xeviasqamts.ca -H "Content-Type: text/xml; charset=utf-8" -H "SOAPAction:\"ws:performTransaction\"" -d @performTransaction.xml -X POST https://xevias.com:8481/DEV/PerformTransaction
Now to do the same through my CXF soap webClient I am getting below exception:
现在通过我的 CXF soap webClient 做同样的事情,我遇到了以下异常:
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://xevias.com:8481/DEV/PerformTransaction.jws: Received fatal alert: bad_certificate
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
... 66 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1839)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1019)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1282)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1233)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295)
... 76 more
I have imported the certificate for the host xevias.com:8481 into my keyStore using the below command:
我已使用以下命令将主机 xevias.com:8481 的证书导入我的 keyStore:
keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file xevias.com.crt -alias sslkey
Please let me know how can I import certificates with keys, so that all which are there in the cURL command can be installed in the respective places.
请让我知道如何使用密钥导入证书,以便 cURL 命令中的所有内容都可以安装在相应的位置。
回答by Dharmendra Rathor
Could you try importing Root certificate to your keystore file.
您能否尝试将根证书导入您的密钥库文件。
You could use following command to do that. keytool -import -alias "alias" -keystore "your_keystore_filename" -trustcacerts -file "filename_of_the_root"
您可以使用以下命令来做到这一点。keytool -import -alias "alias" -keystore "your_keystore_filename" -trustcacerts -file "filename_of_the_root"
回答by Jon RO
You have to check that your cert has the proper info, you should check that the CN of your client cert has the same name as the server:
您必须检查您的证书是否具有正确的信息,您应该检查您的客户端证书的 CN 是否与服务器具有相同的名称:
CN=com.app.local
CN=com.app.local
After that with this command you can import you p12 to your JKS
之后,使用此命令,您可以将 p12 导入 JKS
*keytool -v -importkeystore -srckeystore C:\your_location\tour_file.p12 -srcstoretype PKCS12 -destkeystore d:\cert\your_store.jks -deststoretype JKS*
* keytool -v -importkeystore -srckeystore C:\your_location\tour_file.p12 -srcstoretype PKCS12 -destkeystore d:\cert\your_store.jks -deststoretype JKS*
hope it helps
希望能帮助到你
