Setup: WL 9.2 + Jersey 1.1.5.1 on WL s Jrockit. Picked Jersey 1.1.5.1 because newer versions require Java 6, I believe. Weblogic EJB acts as REST Client and keeps getting this error:
ClientHandlerException: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from svcpoint.restprovider.com - xx.xxx.xxx.xx was not trusted causing SSL handshake failure.
As this just a POC implementation, Weblogic is setup with various flags to ignore cert verification just to make this error go away:
-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enforceConstraints=off -Dweblogic.webservice.client.ssl.strictcertchecking=false
Also, the Jersey config setup includes this bit:
SSLContext ctx = SSLContext.getInstance("SSL");
HTTPSProperties prop = new HTTPSProperties(
new HostnameVerifier () {
public boolean verify(String hostname, SSLSession session) {
System.out.println("
FAKE_Verifier: " + hostname+"
");
return true;
}
}, ctx);
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, prop);
最后,唯一的WL服务器,从技术上说是行政机器,在行政结构中配置。 不使用“签字”的先进环境。
现在,我确信,我为泽西人设立的假信验证员实际上没有参与,因为我从SSL debug中看到这一错误:
<SecuritySSL> <000000> <weblogic user specified trustmanager validation status 16>
<Security> <BEA-090477> <Certificate chain received from svcpoint.restprovider.com - xx.xxx.xxx.xx was not trusted causing SSL handshake failure.>
<SecuritySSL> <000000> <Validation error = 16>
<SecuritySSL> <000000> <Certificate chain is untrusted>
<SecuritySSL> <000000> <SSLTrustValidator returns: 16>
<SecuritySSL> <000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<SecuritySSL> <000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
我在此回顾并研究了有关SO的其他类似问题,但我可能没有。 另外,从我可以判断的ert看起来有效的话来看,它表明它适用于CN=*.restprovider.com,于2011年5月到期。