Weblogic REST Client with Jersey HTTPS: Handshake failure

Setup: WL 9.2 + Jersey 1.1.5.1 on WL's JRockit. Picked Jersey 1.1.5.1 because newer versions require Java 6, I believe. Weblogic EJB acts as REST Client and keeps getting this error:

ClientHandlerException: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from svcpoint.restprovider.com - xx.xxx.xxx.xx was not trusted causing SSL handshake failure.

As this is just a POC implementation, Weblogic is set up with various flags to ignore cert verification just to make this error go away:

-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enforceConstraints=off  -Dweblogic.webservice.client.ssl.strictcertchecking=false

Also, the Jersey config setup includes this bit:

SSLContext ctx = SSLContext.getInstance("SSL");
HTTPSProperties prop = new HTTPSProperties(
new HostnameVerifier () {
    public boolean verify(String hostname, SSLSession session) {
        System.out.println("\n\nFAKE_Verifier: " + hostname + "\n\n");
        return true;
    }
}, ctx);
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, prop);

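Finally, the only WL server, which is technically the admin machine, is configured in the admin console. The advanced "signing" setting is not used.

Now, I am pretty sure that the fake verifier I set up for Jersey is not actually being engaged, because I see this error in the SSL debug output: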

<SecuritySSL> <000000> <weblogic user specified trustmanager validation status 16> 
<Security> <BEA-090477> <Certificate chain received from svcpoint.restprovider.com - xx.xxx.xxx.xx was not trusted causing SSL handshake failure.> 
<SecuritySSL> <000000> <Validation error = 16> 
<SecuritySSL> <000000> <Certificate chain is untrusted> 
<SecuritySSL> <000000> <SSLTrustValidator returns: 16> 
<SecuritySSL> <000000> <Trust status (16):  CERT_CHAIN_UNTRUSTED> 
<SecuritySSL> <000000> <NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)

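I have looked through and researched other similar questions here on SO, but I may have missed something. Also, from what I can tell the cert looks valid: it shows that it is issued for CN=*.restprovider.com and expires in May 2011.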

Best answer

The certificate is not trusted. I think the best solution is to add it to the WebLogic trust store using keytool:

keytool -importcert -trustcacerts ...

It can also be done in code:

   // trustStore: a java.security.KeyStore already loaded with the certificate to trust
   // keyManagers: KeyManager[] for client authentication, or null if none is needed
   TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance("SunX509");
   trustManagerFactory.init(trustStore);
   TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
   SSLContext context = SSLContext.getInstance("TLS");
   context.init(keyManagers, trustManagers, new SecureRandom());
   HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());

trustStore is a KeyStore that contains the certificate
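
An added example, not part of the original answer: the in-code approach carried through to the step the snippet leaves out, building the trust store from an exported certificate file instead of disabling verification. The class name, method name and file path are hypothetical, and whether WebLogic's own SSL stack honours this context is not something the page establishes.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreContext {

    /** Builds an SSLContext that trusts only the certificates in the given PEM or DER file. */
    public static SSLContext fromCertificateFile(String certPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store

        int count = 0;
        InputStream in = new FileInputStream(certPath);
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            for (Certificate cert : cf.generateCertificates(in)) {
                // Alias is arbitrary; it only has to be unique within the store.
                trustStore.setCertificateEntry("trusted-" + count++, cert);
            }
        } finally {
            in.close();
        }
        if (count == 0) {
            // An empty trust store would reject every server, so fail early and clearly.
            throw new IllegalArgumentException("No certificates found in " + certPath);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        // No client certificate is presented, so the key managers are null.
        context.init(null, tmf.getTrustManagers(), new SecureRandom());
        return context;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreContext <certificate-file>");
            return;
        }
        SSLContext context = fromCertificateFile(args[0]);
        // Hostname verification stays at the JDK default; no always-true verifier is installed.
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        System.out.println("Trust store loaded from " + args[0]);
    }
}
```

The returned context trusts nothing except the certificates in the file, so the default CA bundle no longer applies to connections that use it.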
