当前位置: 首页 > 知识库问答 >
问题:

sslHandShakeException:空证书链java错误

秦博达
2023-03-14

我试图建立一个ssl连接。我有一个服务器和一个客户端。我让他们两个在同一台机器上运行。我试图在客户端和服务器之间建立SSL连接。我已经使用以下keytool命令为服务器和客户端生成了证书。

对于客户

keytool-import-keystore clientstore-file server.cer-alias server

完成此操作后,我将server.cer和client.cer都导入到cacerts密钥库中。但是,当我试图建立ssl连接时,我在服务器javax.net.ssl.sslhandShakeException上得到这个错误:null证书链,在客户端javax.net.ssl.sslhandShakeException上得到这个错误:接收致命警报:BAD_Certificate。

我的服务器代码。

package serverapplicationssl;


import java.io.*;
import java.security.KeyStore;
import java.security.Security;
import java.security.PrivilegedActionException;

import javax.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.security.Security;

import java.io.*;

public class ServerApplicationSSL {

public static void main(String[] args) {
boolean debug = true;

System.out.println("Waiting For Connection");

int intSSLport = 4447;

{
    Security.addProvider(new Provider());

}
if (debug) {
    System.setProperty("javax.net.debug", "all");
}
FileWriter file = null;
try {
    file = new FileWriter("C:\\SSLCERT\\Javalog.txt");

} catch (Exception ee) {
    //message = ee.getMessage();

}

try {

    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(new FileInputStream("C:\\SSLCERT\\OntechServerKS"), "server".toCharArray());
    file.write("Incoming Connection\r\n");

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
            .getDefaultAlgorithm());
    kmf.init(keystore, "server".toCharArray());

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null);

    SSLServerSocketFactory sslServerSocketfactory = (SSLServerSocketFactory) context.getServerSocketFactory();
    SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketfactory.createServerSocket(intSSLport);
    sslServerSocket.setEnabledCipherSuites(sslServerSocket.getSupportedCipherSuites());
    sslServerSocket.setNeedClientAuth(true);
    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    //SSLServerSocket server_socket = (SSLServerSocket) sslServerSocket;

    sslSocket.startHandshake();

 // Start the session
    System.out.println("Connection Accepted");
    file.write("Connection Accepted\r\n");

    while (true) {
        PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);

        String inputLine;

        //while ((inputLine = in.readLine()) != null) {
        out.println("Hello Client....Welcome");
        System.out.println("Hello Client....Welcome");
        //}

        out.close();
        //in.close();
        sslSocket.close();
        sslServerSocket.close();
        file.flush();
        file.close();
    }

} catch (Exception exp) {
    try {
        System.out.println(exp.getMessage() + "\r\n");
        exp.printStackTrace();
        file.write(exp.getMessage() + "\r\n");
        file.flush();
        file.close();
    } catch (Exception eee) {
        //message = eee.getMessage();
    }

}

}

}
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.Enumeration;

import javax.net.ssl.*;

public class SSLConnect {

public String MakeSSlCall(String meternum) {
    String message = "";
    FileWriter file = null;
    try {
        file = new FileWriter("C:\\SSLCERT\\ClientJavalog.txt");

    } catch (Exception ee) {
        message = ee.getMessage();

    }
    //writer = new BufferedWriter(file );
    try {
        file.write("KeyStore Generated\r\n");
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(new FileInputStream("C:\\SSLCERT\\SkyeClientKS"), "client".toCharArray());

        file.write("KeyStore Generated\r\n");
        Enumeration enumeration = keystore.aliases();
        while (enumeration.hasMoreElements()) {
            String alias = (String) enumeration.nextElement();
            file.write("alias name: " + alias + "\r\n");
            keystore.getCertificate(alias);
            file.write(keystore.getCertificate(alias).toString() + "\r\n");
        }
        TrustManagerFactory tmf =TrustManagerFactory.getInstance("SunX509");
        tmf.init(keystore);
        file.write("KeyStore Stored\r\n");
        SSLContext context = SSLContext.getInstance("SSL");
        TrustManager[] trustManagers = tmf.getTrustManagers();
        context.init(null, trustManagers, null);

        SSLSocketFactory f = context.getSocketFactory();
        file.write("About to Connect to Ontech\r\n");
        SSLSocket c = (SSLSocket) f.createSocket("192.168.1.16", 4447);
        file.write("Connection Established to 196.14.30.33 Port: 8462\r\n");
        file.write("About to Start Handshake\r\n");
        c.startHandshake();
        file.write("Handshake Established\r\n");
        file.flush();
        file.close();
        return "Connection Established";
    } catch (Exception e) {
        try {
            file.write("An Error Occured\r\n");
            file.write(e.getMessage() + "\r\n");
            StackTraceElement[] arrmessage = e.getStackTrace();
            for (int i = 0; i < arrmessage.length; i++) {
                file.write(arrmessage[i] + "\r\n");
            }

            file.flush();
            file.close();
        } catch (Exception eee) {
            message = eee.getMessage();

        }
        return "Connection Failed";
    }
}
}
javax.net.ssl.SSLHandshakeException: null cert chain
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
    at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1804)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:222)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at serverapplicationssl.ServerApplicationSSL.main(ServerApplicationSSL.java:69)

我的客户端上的堆栈跟踪执行

Received fatal alert: bad_certificate
sun.security.ssl.Alerts.getSSLException(Unknown Source)
sun.security.ssl.Alerts.getSSLException(Unknown Source)
sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
SSLConnect.MakeSSlCall(SSLConnect.java:96)
BankCollectSSLCon.main(BankCollectSSLCon.java:13)

是什么导致了这个错误?,可能是因为我在同一台机器上运行服务器和客户机吗?…已经在这个问题上有一段时间了。我需要帮助

共有1个答案

龙霖
2023-03-14

请尝试包含此代码段,以便所有证书都将被信任。

  public static void trustSelfSignedSSL() {
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        X509TrustManager tm = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate[] xcs, String string)
                    throws CertificateException {}

            public void checkServerTrusted(X509Certificate[] xcs, String string)
                    throws CertificateException {}

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        SSLContext.setDefault(ctx);
    } catch (Exception ex) {
        // LOGGER.error("Exception : ", ex.getStackTrace());
        System.out.println(ex.getStackTrace());
    }
 类似资料:
  • 为了解决这个问题,我使用浏览器访问地址,在.cert文件中下载证书,并使用keytool命令导入java cacerts密钥库。在此之后,应用程序可以正常工作。 我的问题是:如果证书是用VeriSign签名的,为什么java不识别证书?默认情况下VeriSign证书没有安装在cacerts密钥库中?也许我不明白SSL是如何工作的。浏览器和java桌面行为有什么不同?我可以用我的浏览器连接到这个UR

  • 问题内容: 我遇到客户端https请求的问题。 片段可以如下所示: 我得到的是错误:证书链中的自签名证书。 使用邮递员时,我可以导入客户端证书和密钥,并且可以毫无问题地使用它。有没有可用的解决方案?我还希望对邮递员如何处理证书和工作方式有所了解。 问题答案: 根据您的问题,我想您正在使用SSL通讯的自签名证书进行开发。 如果是这种情况,请在您正在运行节点的任何地方或直接使用 这指示节点允许不信任的

  • 问题是如何在Java中以编程方式生成证书链。换言之,我想用java执行此处详述的操作:http://fusesource.com/docs/broker/5.3/security/i382664.html 当然,我可以为新客户端创建RSA密钥: } 并生成相应的证书: } 然后我生成证书签名请求,并将其保存到csrFile文件: 哪里 现在我应该用CA私钥对CSR进行签名,但我不知道如何在java

  • 我正在尝试打开一个htttps网站。网址是前。https://x.xx.xx.xx/.我已经写了打击代码。 字符串url=”https://x.xx.xx.xx/"; URL obj=新URL(URL); HttpURLConnection con=(HttpURLConnection)obj。openConnection(); //可选的默认值是GETcon.setRequest estmeth

  • 问题内容: 我尝试将带有正确APP_ID,APP_SECRET等的curl请求发送到 我需要从中获取access_token,但需要返回FALSE并打印下一条消息: 我的代码是: 当我手动移动到上面的链接时,我会很好地获得access_token。为什么卷曲不起作用?请帮助。 问题答案: 建议禁用的答案不被接受。问题是“为什么它不适用于cURL”,正如Martijn Hols正确指出的那样,这很危

  • 我尝试将带有正确应用程序ID、应用程序机密等的curl请求发送到 我需要从中获取访问令牌,但获取FALSE和print next message,否则: 我的代码是: 当我手动移动到上面的链接时,我很好地获得了访问权。为什么卷曲不起作用?请帮忙。