Java SoapUI 无法连接 HTTPS (SSLPeerUnverifiedException)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23932517/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SoapUI fails to connect HTTPS (SSLPeerUnverifiedException)
提问by Leos Literak
I need to test web service that is being deployed to pre-release environment that is deployed on HTTPS endpoint. Unfortunatelly SoapUI fails with SSLPeerUnverifiedException: peer not authenticatedexception. I used both versions 4.6.4 and very fresh 5.0.
我需要测试部署到部署在 HTTPS 端点上的预发布环境的 Web 服务。不幸的是,SoapUI 因SSLPeerUnverifiedException: peer not authenticated异常而失败。我使用了 4.6.4 和非常新的 5.0 两个版本。
Env:
环境:
endpoint is https, startcom certificate, network uses proxy (but same issue without proxy with different network)
端点是 https,startcom 证书,网络使用代理(但相同的问题没有代理不同的网络)
I have spent many hours, maybe a day googling for a solution. Especially this link looked promising: https://forum.soapui.org/viewtopic.php?f=13&t=20866
我花了很多时间,也许一天都在谷歌上寻找解决方案。特别是这个链接看起来很有希望:https: //forum.soapui.org/viewtopic.php?f=13&t=20866
I extracted endpoint certificate via firefox and let it trust. So I modified cacertsfrom soapui JVM installation:
我通过 Firefox 提取了端点证书并让它信任。所以我cacerts从soapui JVM安装修改:
..\SoapUI-4.6.4\jre\lib\security>keytool -import -alias HOSTNAME
-file endpoint.crt -keystore cacerts -storepass changeit
Restart and then retested - fail.
重新启动然后重新测试 - 失败。
Then I took different approach and let SoapUI JVM trust all StartCom certificates.
然后我采取了不同的方法,让 SoapUI JVM 信任所有 StartCom 证书。
keytool -import -trustcacerts -alias startcom.ca -file ca.crt -keystore cacerts
keytool -import -alias startcom.ca.sub -file sub.class1.server.ca.crt -keystore cacerts
Restart and failed again. What else shall I do now?
重新启动并再次失败。我现在还能做什么?
EDIT
编辑
2014-05-30 08:39:53,782 ERROR [errorlog] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:446)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:499)
at com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory.createLayeredSocket(SoapUISSLSocketFactory.java:268)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:200)
at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:277)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:142)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:758)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:565)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:238)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:348)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:318)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:232)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
SSL debug:
SSL调试:
adding as trusted cert:
Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Algorithm: RSA; Serial number: 0x1
Valid from Sun Sep 17 21:46:36 CEST 2006 until Wed Sep 17 21:46:36 CEST 2036
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Thread-20, WRITE: TLSv1 Handshake, length = 186
Thread-20, READ: TLSv1 Alert, length = 2
Thread-20, RECV TLSv1 ALERT: warning, unrecognized_name
SSL - handshake alert: unrecognized_name
Thread-20, handling exception: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
Thread-20, SEND TLSv1 ALERT: fatal, description = unexpected_message
Thread-20, WRITE: TLSv1 Alert, length = 2
Thread-20, called closeSocket()
Thread-20, IOException in getSession(): javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
09:16:12,482 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
采纳答案by Leos Literak
Ok, the fix for this problem is to set
好的,解决此问题的方法是设置
-Djsse.enableSNIExtension=false
in $SOAPUI_HOME/bin/soapui.bat
在 $SOAPUI_HOME/bin/soapui.bat
The reason is described in this answer: https://stackoverflow.com/a/14884941/1639556
这个答案中描述了原因:https: //stackoverflow.com/a/14884941/1639556
Digest:
消化:
Java 7 introduced SNI support which is enabled by default. I have found out that certain misconfigured servers send an "Unrecognized Name" warning in the SSL handshake which is ignored by most clients... except for Java.
Java 7 引入了默认启用的 SNI 支持。我发现某些配置错误的服务器在 SSL 握手中发送了“无法识别的名称”警告,大多数客户端都忽略了该警告...... Java 除外。
Update: for SoapUI 5.2.1 I had to alter a file SoapUI-5.2.1.vmoptionsbecause modifying batfile did not help.
更新:对于 SoapUI 5.2.1,我不得不更改文件,SoapUI-5.2.1.vmoptions因为修改bat文件没有帮助。
回答by albciff
I think that you're doing the things good. If you load the server certificate on your truststore the connection must works, maybe something is happening like for example a redirect. If you want you can try to disable the SSL server certificate validation. If you use a SOAPUI standalone version edit the $SOAPUI_HOME/bin/soapui.bator $SOAPUI_HOME/bin/soapui.shand add this parameter -Dcom.sun.net.ssl.checkRevocation=falseas java option:
我认为你做得很好。如果您在信任库上加载服务器证书,则连接必须有效,可能正在发生某些事情,例如重定向。如果需要,您可以尝试禁用 SSL 服务器证书验证。如果您使用 SOAPUI 独立版本,请编辑$SOAPUI_HOME/bin/soapui.bator$SOAPUI_HOME/bin/soapui.sh并将此参数添加-Dcom.sun.net.ssl.checkRevocation=false为 java 选项:
soapui.bat
肥皂泡
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.net.ssl.checkRevocation=false
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.net.ssl.checkRevocation=false
soapui.sh
肥皂剧
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.net.ssl.checkRevocation=false"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.net.ssl.checkRevocation=false"
Hope this helps,
希望这可以帮助,
回答by bawinnicki
For anybody using a Mac looking for the same answer (sorry, it won't let me comment on the selected answer as I don't have enough reputation points yet to Comment !!!). Editing soapui.sh won't have any impact if you are launching the App by clicking the icon in your Applications folder or using Spotlight.
对于使用 Mac 寻找相同答案的任何人(抱歉,它不会让我评论所选答案,因为我还没有足够的声望点来评论!!!)。如果您通过单击应用程序文件夹中的图标或使用 Spotlight 来启动应用程序,则编辑 soapui.sh 不会产生任何影响。
/Applications/SoapUI-5.0.0.app/Contents
/Applications/SoapUI-5.0.0.app/Contents
Edit vmoptions.txt and add -Dcom.sun.net.ssl.checkRevocation=false to the bottom of the file.. Save and re-launch.
编辑 vmoptions.txt 并将 -Dcom.sun.net.ssl.checkRevocation=false 添加到文件底部。保存并重新启动。
回答by NevinJ
If you are using a proxy, try bypassing the same (via ProxySettings is SoapUI Preferences)
如果您使用的是代理,请尝试绕过相同的(通过 ProxySettings 是 SoapUI 首选项)
回答by sudoqux
Also make sure you are not running Fiddler, which will try to act as a proxy to any requests made by SoapUI. If you want to make it work with Fiddler, you need to add the Fiddler root certificate to your Java trust store.
还要确保您没有运行 Fiddler,它会尝试充当 SoapUI 发出的任何请求的代理。如果您想让它与 Fiddler 一起使用,您需要将 Fiddler 根证书添加到您的 Java 信任存储中。
See also: SoapUI not working with fiddler for REST service testing
回答by StephaneD
I was also getting following message:
我还收到以下消息:
Error getting response; javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
The issue I had was only when going via a proxy server. Connected directly to Internet without a proxy was working.
我只有在通过代理服务器时才遇到问题。无需代理即可直接连接到 Internet。
I tried all these solutions, and none were working.
我尝试了所有这些解决方案,但都没有奏效。
I even tried to add the trusted CA certificates in a Java key store under WS-Security-Configurations -> Truststores and was still getting the rror.
我什至尝试在 WS-Security-Configurations -> Truststores 下的 Java 密钥库中添加受信任的 CA 证书,但仍然出现错误。
I upgraded to SoapUI 5.2.1 and issue is now resolved.
我升级到 SoapUI 5.2.1,问题现已解决。
It might be worth it for you to try it out.
值得您尝试一下。
