I am trying to establish an SSL connection to a Tomcat server installed on my local machine. server.xml contains the following entry:
```
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    sslImplementationName="localSSLImplementation"
    keystoreFile="~/localhost.p12"
    keystorePass="myPassword"
    keystoreType="PKCS12"
    truststoreFile="~/truststore.p12"
    truststorePass="changeit"
    truststoreType="PKCS12"
    truststoreProvider="SUN"
    clientAuth="required" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1,TLSv1.2"/>
```
In localhost.p12 I have a self-signed certificate and a private/public key pair.
I exported this certificate and imported it into truststore.p12, which also contains the entries imported from the JRE's cacerts.
Now, when clientAuth="optional" is set, I can connect to the Tomcat server seamlessly, but I can see the following Tomcat stack trace in Eclipse:
```
javax.net.ssl|DEBUG|15|https-jsse-nio-8443-exec-6|2021-04-22 12:43:24.104 IST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio-8443-exec-5|2021-04-22 12:43:24.104 IST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|ERROR|15|https-jsse-nio-8443-exec-6|2021-04-22 12:43:24.106 IST|TransportContext.java:341|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:511)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:243)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1685)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)}
)
javax.net.ssl|ERROR|14|https-jsse-nio-8443-exec-5|2021-04-22 12:43:24.106 IST|TransportContext.java:341|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:511)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:243)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1685)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)}
)
javax.net.ssl|ALL|16|https-jsse-nio-8443-exec-7|2021-04-22 12:43:24.116 IST|X509Authentication.java:295|No X.509 cert selected for EC
javax.net.ssl|ALL|19|https-jsse-nio-8443-exec-10|2021-04-22 12:43:24.151 IST|X509Authentication.java:295|No X.509 cert selected for EC
javax.net.ssl|ALL|18|https-jsse-nio-8443-exec-9|2021-04-22 12:43:24.187 IST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|18|https-jsse-nio-8443-exec-9|2021-04-22 12:43:24.188 IST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
javax.net.ssl|ALL|10|https-jsse-nio-8443-exec-1|2021-04-22 12:43:24.406 IST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|ALL|13|https-jsse-nio-8443-exec-4|2021-04-22 12:43:24.432 IST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|ALL|13|https-jsse-nio-8443-exec-4|2021-04-22 12:43:24.433 IST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|ALL|11|https-jsse-nio-8443-exec-2|2021-04-22 12:43:24.438 IST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|ALL|11|https-jsse-nio-8443-exec-2|2021-04-22 12:43:24.441 IST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
```
Question 1: I don't know whether this should happen at all, since I specified the same certificate in truststoreFile.
Question 2: If I change it to clientAuth="required", which is what I intend to do, I get the following stack trace in Tomcat and a warning in Chrome.
Stack trace:
```
javax.net.ssl|ALL|11|https-jsse-nio-8443-exec-2|2021-04-22 12:48:16.627 IST|X509Authentication.java:295|No X.509 cert selected for EC
javax.net.ssl|ALL|10|https-jsse-nio-8443-exec-1|2021-04-22 12:48:16.627 IST|X509Authentication.java:295|No X.509 cert selected for EC
javax.net.ssl|DEBUG|14|https-jsse-nio-8443-exec-5|2021-04-22 12:48:16.660 IST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|DEBUG|15|https-jsse-nio-8443-exec-6|2021-04-22 12:48:16.660 IST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|ERROR|14|https-jsse-nio-8443-exec-5|2021-04-22 12:48:16.662 IST|TransportContext.java:341|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:511)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:243)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1685)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)}
)
javax.net.ssl|ERROR|15|https-jsse-nio-8443-exec-6|2021-04-22 12:48:16.662 IST|TransportContext.java:341|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:511)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:243)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1685)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)}
)
javax.net.ssl|ALL|16|https-jsse-nio-8443-exec-7|2021-04-22 12:48:16.669 IST|X509Authentication.java:295|No X.509 cert selected for EC
javax.net.ssl|ERROR|18|https-jsse-nio-8443-exec-9|2021-04-22 12:48:16.680 IST|TransportContext.java:341|Fatal (BAD_CERTIFICATE): Empty server certificate chain (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Empty server certificate chain
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:390)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:375)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:455)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:519)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:243)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1685)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)}
)
javax.net.ssl|WARNING|18|https-jsse-nio-8443-exec-9|2021-04-22 12:48:16.682 IST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
```
Text displayed in Chrome when I try to connect to https://localhost:8443:
This site can’t provide a secure connectionlocalhost didn’t accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT
If I try to establish the connection with an SSL client instead, I see the following error:
SSL handshake has read 16672 bytes and written 388 bytes
Verification error: self signed certificate
========================================================================
Edit:
Dave's comment did help me solve the second problem; in that case I added the self-signed certificate to Chrome.
But for the first problem, I can still see a stack trace in the Tomcat server's log exactly like the first one I posted. So my question now is: since I have already imported into the server's truststore the same root that signed my client certificate, why do I see javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
in the stack trace when I establish a connection from the client to the server?
1 answer
Refer to Dave's comment. I just found out that the stack trace I am seeing,
certificate_unknown
, is because the client does not trust my server's self-signed certificate. So this is normal, since my browser doesn't trust a local certificate. If it were signed by an authorized CA, that would resolve the issue.
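The two trust decisions that the question and the answer keep running together, made explicit with openssl. This script is added here for illustration and is not part of the original question or answer: it builds a small private CA, issues a server certificate for localhost and a client certificate signed by the same CA, packages both as PKCS12 files of the kind Tomcat and a browser import, and then checks each leaf against the CA the same way the peer's TLS stack will during the handshake. The file names, the CA name "Demo Local CA" and the password changeit are invented for the demo; the only assumption is an openssl binary (1.1.0 or newer) on PATH.

```shell
#!/bin/sh
# Added example (not from the original post): a private CA, one server and one
# client certificate, and the two trust checks behind the alerts in the question.
# Assumption: openssl 1.1.0+ on PATH. All names and the password are made up.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PASS="changeit"   # demo only; a real keystorePass belongs in a protected file

# 1. The private CA. Its certificate (ca.pem) is what BOTH ends must trust:
#    Tomcat puts it in truststoreFile to accept client certs, and the browser
#    or s_client must have it too, or it will reject the server cert.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Demo Local CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# 2. Issue a leaf certificate signed by the CA.  $1 = name, $2 = SAN list
#    (non-empty for the server, empty for the client).  Extensions go through
#    -extfile so this also works on openssl builds without -addext.
issue_cert() {
  name="$1"; san="$2"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  if [ -n "$san" ]; then
    printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" > "$WORK/$name.ext"
  else
    printf 'extendedKeyUsage=clientAuth\n' > "$WORK/$name.ext"
  fi
  openssl x509 -req -days 365 -in "$WORK/$name.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/$name.ext" -out "$WORK/$name.pem" 2>/dev/null
}

# 3. PKCS12 bundles: server.p12 is what keystoreFile points at, client.p12 is
#    what the browser imports. The Tomcat truststore is best built with
#    keytool so the CA entry carries Java's trusted-cert attribute, e.g.
#    keytool -importcert -noprompt -alias demo-ca -file ca.pem \
#            -keystore truststore.p12 -storetype PKCS12 -storepass "$PASS"
make_p12() {
  for n in server client; do
    openssl pkcs12 -export -passout "pass:$PASS" \
      -inkey "$WORK/$n.key" -in "$WORK/$n.pem" -certfile "$WORK/ca.pem" \
      -out "$WORK/$n.p12"
  done
}

# 4. The trust checks themselves. "OK" means the leaf chains to ca.pem; the
#    failing case is exactly what the other side turns into a fatal
#    certificate_unknown / bad_certificate alert during the handshake.
verify_against_ca() {   # $1 = leaf certificate; the peer has imported ca.pem
  openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1 && echo OK || echo FAIL
}
verify_without_ca() {   # $1 = leaf certificate; the peer has NOT imported ca.pem
  openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1 && echo OK || echo FAIL
}

build_demo_pki() {
  make_ca
  issue_cert server "DNS:localhost,IP:127.0.0.1"
  issue_cert client ""
  make_p12
}

build_demo_pki
echo "server cert, peer trusts the CA   : $(verify_against_ca "$WORK/server.pem")"
echo "server cert, peer lacks the CA    : $(verify_without_ca "$WORK/server.pem")"
echo "client cert, Tomcat trusts the CA : $(verify_against_ca "$WORK/client.pem")"
echo "artifacts written to $WORK"
# Against a running Tomcat the same two outcomes look like this:
#   openssl s_client -connect localhost:8443                 -> Verification error
#   openssl s_client -connect localhost:8443 -CAfile "$WORK/ca.pem" \
#       -cert "$WORK/client.pem" -key "$WORK/client.key"    -> Verify return code: 0 (ok)
```

Run it with sh. Tomcat's truststoreFile only decides which client certificates the server will accept; the certificate_unknown alert in the first trace is the client's verdict on the server certificate, which the server merely receives and logs, so the issuing CA has to be trusted on the client side as well (importing it into Chrome is what fixed question 2). The "Empty server certificate chain" failure with clientAuth="required" is the complementary case: the client presented no certificate, so the browser needs client.p12 (or s_client needs -cert and -key). Two things in the posted Connector are worth fixing while at it: TLSv1.1 is deprecated by RFC 8996 and should be dropped from sslEnabledProtocols, and a literal keystorePass in server.xml should at least be protected by file permissions.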