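I'm having trouble connecting my Java application, built with Spring Boot, to a UAT server in AWS that hosts RabbitMQ. There is a load balancer in front of it that redirects my requests to one of the RMQ instances.
I connect to RabbitMQ over SSL and have generated a .p12 (PKCS 12) certificate file.
This is the properties file of the Spring Boot Java application: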
spring.rabbitmq.host=rmq-lb.uat.mycompany.com
spring.rabbitmq.port=5671
spring.rabbitmq.username=live_prices
spring.rabbitmq.password=aaaa
spring.rabbitmq.virtualHost=my_virtualhost
spring.rabbitmq.ssl.enabled=true
spring.rabbitmq.ssl.algorithm=TLSv1.2
spring.rabbitmq.ssl.key-store=classpath:/rmq_wr.uat.p12
spring.rabbitmq.ssl.key-store-password=bbbb
...
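If I use a .NET application, I don't need to take any extra steps; I can connect to the RMQ instance with this .p12 file. Also, if I try to connect to an RMQ instance locally through a Docker container, it works fine too.
Below is my Spring configuration class: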
@Configuration
public class RabbitMQConfig {

    @Value("${mycompany.rabbitmq.queue}")
    String queueName;

    @Value("${mycompany.rabbitmq.exchange}")
    String exchange;

    @Value("${mycompany.rabbitmq.routingkey}")
    private String routingkey;

    @Bean
    Queue queue() {
        return new Queue(queueName, true);
    }

    @Bean
    TopicExchange exchange() {
        return new TopicExchange(exchange);
    }

    @Bean
    Binding binding(Queue queue, TopicExchange exchange) {
        return BindingBuilder.bind(queue).to(exchange).with(routingkey);
    }

    @Bean
    public MessageConverter jsonMessageConverter() {
        return new Jackson2JsonMessageConverter();
    }

    public AmqpTemplate rabbitTemplate(ConnectionFactory connectionFactory) {
        final RabbitTemplate rabbitTemplate = new RabbitTemplate(connectionFactory);
        rabbitTemplate.setMessageConverter(jsonMessageConverter());
        return rabbitTemplate;
    }
}
This is the error I get when debugging the application:
2021-06-10 09:38:19.914 INFO 20056 --- [ restartedMain] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: [rmq-lb.uat.mycompany.com:5671]
2021-06-10 09:38:20.145 ERROR 20056 --- [ restartedMain] c.r.client.impl.SocketFrameHandler : TLS connection failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2021-06-10 09:38:20.149 INFO 20056 --- [ restartedMain] ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2021-06-10 09:38:20.176 ERROR 20056 --- [ restartedMain] o.s.boot.SpringApplication : Application run failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:822) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:803) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:346) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.5.jar:2.4.5]
at com.mycompany.rmqconnector.RMQConnectorApp.main(RMQConnectorApp.java:119) ~[classes/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) ~[spring-boot-devtools-2.4.5.jar:2.4.5]
Caused by: org.springframework.amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:70) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:602) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:724) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils.createConnection(ConnectionFactoryUtils.java:216) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.doExecute(RabbitTemplate.java:2132) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:2105) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.send(RabbitTemplate.java:1049) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.convertAndSend(RabbitTemplate.java:1114) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.convertAndSend(RabbitTemplate.java:1107) ~[spring-rabbit-2.3.6.jar:2.3.6]
at com.mycompany.rmq.RabbitMQSender.send(RabbitMQSender.java:26) ~[classes/:na]
at com.mycompany.rmqconnector.RMQConnectorApp.givenUsingTimer_whenSchedulingTaskOnce_thenCorrect(RMQConnectorApp.java:99) ~[classes/:na]
at com.mycompany.rmqconnector.RMQConnectorApp.lambda$0(RMQConnectorApp.java:60) ~[classes/:na]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:819) ~[spring-boot-2.4.5.jar:2.4.5]
... 10 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:na]
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) ~[na:na]
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1403) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:814) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1184) ~[na:na]
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) ~[na:na]
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) ~[na:na]
at java.base/java.io.DataOutputStream.flush(DataOutputStream.java:123) ~[na:na]
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:160) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:170) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:314) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1139) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1087) ~[amqp-client-5.10.0.jar:5.10.0]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connectAddresses(AbstractConnectionFactory.java:638) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connect(AbstractConnectionFactory.java:613) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:565) ~[spring-rabbit-2.3.6.jar:2.3.6]
... 21 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na]
at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629) ~[na:na]
... 44 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:na]
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:na]
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na]
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na]
... 50 common frames omitted
Any ideas? Thanks a lot!
Edit 1
I managed to get it working in a simple Java application using Maven and the plain RabbitMQ client library.
This is the code:
// Client identity: private key and certificate from the PKCS#12 file
char[] keyPassphrase = "bbbb".toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(this.getClass().getClassLoader().getResourceAsStream("rmq_wr.uat.p12"), keyPassphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPassphrase);

// Trust manager whose checks are all empty: every server certificate is accepted
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509ExtendedTrustManager() {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] xcs, String string, Socket socket) throws CertificateException {}
        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] xcs, String string, Socket socket) throws CertificateException {}
        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] xcs, String string, SSLEngine ssle) throws CertificateException {}
        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] xcs, String string, SSLEngine ssle) throws CertificateException {}
    }
};

SSLContext c = SSLContext.getInstance("TLSv1.2");
c.init(kmf.getKeyManagers(), trustAllCerts, null);

ConnectionFactory factory = new ConnectionFactory();
factory.setHost(rmqHost);
factory.setPort(rmqPort);
factory.setUsername(rmqUsername);
factory.setPassword(rmqPassword);
factory.setVirtualHost(vhost);
factory.useSslProtocol(c);
//factory.enableHostnameVerification();

conn = factory.newConnection();
channel = conn.createChannel();
channel.basicPublish("my_exchange", "test", null, "Hello, World".getBytes());
I believe this is related to the TrustStore options in application.properties:
...
spring.rabbitmq.ssl.trust-store=file:/C:/Users/User/Desktop/rmqconnector/src/main/resources/cacerts
spring.rabbitmq.ssl.trust-store-password=changeit
spring.rabbitmq.ssl.trust-store-type=JKS
...
In code, I tried:
@Bean
public CachingConnectionFactory rabbitConnectionFactory(RabbitProperties config) throws Exception {
    ClassPathResource keyStorePath = new ClassPathResource("rmq_wr.uat.p12");
    ClassPathResource trustStorePath = new ClassPathResource("rmquat.jks");

    RabbitConnectionFactoryBean factory = new RabbitConnectionFactoryBean();
    if (config.determineHost() != null) {
        factory.setHost(config.determineHost());
    }
    factory.setPort(config.determinePort());
    if (config.determineUsername() != null) {
        factory.setUsername(config.determineUsername());
    }
    if (config.determinePassword() != null) {
        factory.setPassword(config.determinePassword());
    }
    if (config.determineVirtualHost() != null) {
        factory.setVirtualHost(config.determineVirtualHost());
    }

    // read ssl properties from application.properties
    RabbitProperties.Ssl ssl = config.getSsl();
    if (ssl.getEnabled()) {
        factory.setUseSSL(true);
        if (ssl.getAlgorithm() != null) {
            factory.setSslAlgorithm(ssl.getAlgorithm());
        }
        //System.out.println("keystore = " + ssl.getKeyStore());
        // factory.set
        factory.setKeyStore(keyStorePath.getPath());
        factory.setKeyStoreType(ssl.getKeyStoreType());
        factory.setKeyStorePassphrase(ssl.getKeyStorePassword());
        factory.setTrustStore(ssl.getTrustStore());
        //factory.setTrustStore(trustStorePath.getPath());
        factory.setTrustStorePassphrase("changeit");
        factory.setTrustStoreType("JKS");
        //factory.setSkipServerCertificateValidation(true);
    }
    factory.afterPropertiesSet();

    CachingConnectionFactory connectionFactory = new CachingConnectionFactory(factory.getObject());
    connectionFactory.setAddresses(config.determineAddresses());
    //connectionFactory.setPublisherConfirms(config.isPublisherConfirms());
    connectionFactory.setPublisherReturns(config.isPublisherReturns());
    if (config.getCache().getChannel().getSize() != null) {
        connectionFactory.setChannelCacheSize(config.getCache().getChannel().getSize());
    }
    if (config.getCache().getConnection().getMode() != null) {
        connectionFactory.setCacheMode(config.getCache().getConnection().getMode());
    }
    if (config.getCache().getConnection().getSize() != null) {
        connectionFactory.setConnectionCacheSize(config.getCache().getConnection().getSize());
    }
    return connectionFactory;
}
But this results in the following exception:
2021-06-15 20:32:04.345 ERROR 17816 --- [ restartedMain] c.r.client.impl.SocketFrameHandler : TLS connection failed: No trusted certificate found
2021-06-15 20:32:04.355 INFO 17816 --- [ restartedMain] ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2021-06-15 20:32:04.375 ERROR 17816 --- [ restartedMain] o.s.boot.SpringApplication : Application run failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:822) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:803) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:346) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.5.jar:2.4.5]
at eu.enovos.pfm.rmqconnector.RMQConnectorApp.main(RMQConnectorApp.java:125) ~[classes/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) ~[spring-boot-devtools-2.4.5.jar:2.4.5]
Caused by: org.springframework.amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: No trusted certificate found
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:70) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:602) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:724) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils.createConnection(ConnectionFactoryUtils.java:216) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.doExecute(RabbitTemplate.java:2132) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:2105) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.send(RabbitTemplate.java:1049) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.convertAndSend(RabbitTemplate.java:1114) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.core.RabbitTemplate.convertAndSend(RabbitTemplate.java:1107) ~[spring-rabbit-2.3.6.jar:2.3.6]
at eu.enovos.pfm.rmq.RabbitMQSender.send(RabbitMQSender.java:26) ~[classes/:na]
at eu.enovos.pfm.rmqconnector.RMQConnectorApp.givenUsingTimer_whenSchedulingTaskOnce_thenCorrect(RMQConnectorApp.java:105) ~[classes/:na]
at eu.enovos.pfm.rmqconnector.RMQConnectorApp.lambda$0(RMQConnectorApp.java:66) ~[classes/:na]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:819) ~[spring-boot-2.4.5.jar:2.4.5]
... 10 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No trusted certificate found
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:na]
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) ~[na:na]
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1403) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:814) ~[na:na]
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1184) ~[na:na]
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) ~[na:na]
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) ~[na:na]
at java.base/java.io.DataOutputStream.flush(DataOutputStream.java:123) ~[na:na]
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:160) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:314) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1139) ~[amqp-client-5.10.0.jar:5.10.0]
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1087) ~[amqp-client-5.10.0.jar:5.10.0]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connectAddresses(AbstractConnectionFactory.java:638) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connect(AbstractConnectionFactory.java:613) ~[spring-rabbit-2.3.6.jar:2.3.6]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:565) ~[spring-rabbit-2.3.6.jar:2.3.6]
... 21 common frames omitted
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at java.base/sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:411) ~[na:na]
at java.base/sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:135) ~[na:na]
at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629) ~[na:na]
... 44 common frames omitted
I listed the entries in the keystore as follows:
PS C:\Users\User\Desktop\rmqconnector\src\main\resources> keytool -list -keystore .\rmq_wr.uat.p12 -storepass bbbb -storetype PKCS12
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
1, Jun 15, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): D0:B5:76:...
I also copied the cacerts file to use it as the TrustStore, but that didn't work either.
PS C:\Users\User\Desktop\rmqconnector\src\main\resources> keytool -list -keystore .\cacerts -storepass changeit -storetype PKCS12
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 93 entries
1, Jun 14, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): D0:B5:76:...
...
1 Answer
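Spring is complaining that it does not trust the certificate presented by the host rmq-lb.uat.mycompany.com. Indeed, the problem appears to be related to the TrustStore passed to the application.
It works locally because the code creates an accepting TrustStrategy, i.e. the Spring application will trust all presented server certificates.
If the certificate used at rmq-lb.uat.mycompany.com is trusted, i.e. issued by a trusted CA (certificate authority) contained in cacerts, there should be no problem. For development purposes, trusting all server certificates is fine, but in a production environment this is not advisable, because one should only trust SSL certificates issued by official certificate authorities.
One thing to check is the certificate chain of the server certificate present at rmq-lb.uat.mycompany.com, more precisely the CA root certificate. The intermediate certificates present in the certificate chain must also be checked. If it was indeed issued by a trusted authority and this CA is not included in the JDK's cacerts, it can be included manually in the created TrustStore with the following command (keytool is located in the JDK bin folder):
Alternatively, if we want to create a Java KeyStore (JKS), we can use the specific certificate: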
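A verified counterpart to the trust-all TrustManager from Edit 1, added here as an example (it is not code from the question or the answer): the client .p12 stays the key material, while the broker is validated against a trust store built only from its issuing CA chain, with hostname verification switched on. It assumes amqp-client 5.x on the classpath, a hypothetical PEM file containing that CA chain passed as the second argument, and hypothetical environment variables RMQ_KEYSTORE_PASSWORD, RMQ_USERNAME and RMQ_PASSWORD.

```java
import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class VerifiedRabbitTls {

    /** Client identity: the PKCS#12 file holding the private key and client certificate. */
    static KeyManagerFactory clientIdentity(Path p12, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        return kmf;
    }

    /** Trust anchors: only the CA certificates in the PEM file, stored as trustedCertEntry items. */
    static TrustManagerFactory trustAnchors(Path caPem) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int n = 0;
        try (InputStream in = Files.newInputStream(caPem)) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                x.checkValidity(); // reject an expired or not-yet-valid CA up front
                ts.setCertificateEntry("rmq-ca-" + n++, x);
            }
        }
        if (n == 0) {
            throw new IllegalArgumentException("no certificates found in " + caPem);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = client .p12, args[1] = CA chain PEM; secrets come from the environment.
        char[] password = System.getenv("RMQ_KEYSTORE_PASSWORD").toCharArray();
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(clientIdentity(Path.of(args[0]), password).getKeyManagers(),
                 trustAnchors(Path.of(args[1])).getTrustManagers(), null);

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("rmq-lb.uat.mycompany.com"); // host, port and vhost as given in the question
        factory.setPort(5671);
        factory.setUsername(System.getenv("RMQ_USERNAME"));
        factory.setPassword(System.getenv("RMQ_PASSWORD"));
        factory.setVirtualHost("my_virtualhost");
        factory.useSslProtocol(ctx);
        factory.enableHostnameVerification(); // certificate must also match the load balancer's name
        try (Connection conn = factory.newConnection(); Channel ch = conn.createChannel()) {
            System.out.println("TLS handshake verified, channel " + ch.getChannelNumber() + " open");
        }
    }
}
```

If the handshake still fails with a PKIX error, the PEM file does not contain the CA that issued the certificate the load balancer actually presents.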