使用ssl连接到kafka群集时,获取pkix路径生成失败,apache camel出现异常

mf98qq94  于 2021-06-04  发布在  Kafka
关注(0)|答案(2)|浏览(364)

当我用apachecamel和ssl连接到kafka集群时,我遇到了下面的问题,有人能帮我解决这个问题吗
javax.net.ssl.sslhandshakeexception:sun.security.validator.validatorexception:pkix路径生成失败:sun.security.provider.certpath.suncertpathbuilderexception:无法在sun.security.ssl.alerts.getsslexception(警报)中找到请求目标的有效证书路径。java:192)在sun.security.ssl.sslsocketimpl.fatal(sslsocketimpl。java:1937)在sun.security.ssl.handshaker.fatalse(握手器。java:302)在sun.security.ssl.handshaker.fatalse(握手器。java:296)在sun.security.ssl.clienthandshaker.servercertificate(clienthandshaker。java:1478)在sun.security.ssl.clienthandshaker.processmessage(clienthandshaker。java:212)在sun.security.ssl.handshaker.processloop(握手器。java:957)在sun.security.ssl.handshaker.process\u record(handshaker。java:892)在sun.security.ssl.sslsocketimpl.readrecord(sslsocketimpl。java:1050)在sun.security.ssl.sslsocketimpl.performitialhandshake(sslsocketimpl。java:1363)在sun.security.ssl.sslsocketimpl.writerecord(sslsocketimpl。java:735)在sun.security.ssl.appoutputstream.write(appoutputstream。java:123)在java.io.bufferedoutputstream.flushbuffer(bufferedoutputstream。java:82)在java.io.bufferedoutputstream.flush(bufferedoutputstream。java:140)
//这是加载.jks文件的正确方法吗?

@Component
    public class MyRouteDefinition extends RouteBuilder {

    @Override
    public void configure() throws Exception {

        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setType("jks");
        ksp.setResource("truststore.jks);
        ksp.setPassword("password");

        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyStore(ksp);
        kmp.setKeyPassword("password");

        TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
        trustManagersParameters.setKeyStore(ksp);

        SSLContextParameters scp = new SSLContextParameters();
        scp.setKeyManagers(kmp);
        scp.setTrustManagers(trustManagersParameters);

        HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
        httpComponent.setSslContextParameters(scp);

        //TO HTTPS
        from(...)
        .to("https://localhost:8080/load")
             log.debug("The response code is: {}", responseCode);
         }
    }
yx2lnoni

yx2lnoni1#

使用https时,客户端需要信任服务器。服务器发送证书以证明其身份。证书由ca(证书颁发机构)签名。客户机仅在识别签署其证书的ca时才信任服务器。如果ca存在于其信任库中,则客户端将识别该ca。
您还可以直接将证书导入信任库,以防证书未经ca签名。
我猜你要么
导入签署服务器的ca(正在侦听的ca)localhost:8080)将证书放入客户端的信任库
将服务器的证书本身导入信任库。

hof1towb

hof1towb2#

System.setProperty("javax.net.ssl.trustStore", "C:\\user\\myTrustStore"); 
System.setProperty("javax.net.ssl.trustStorePassword", "123456");

我找到了解决办法,上面的线很好

相关问题