Question:

SSLPeerUnverifiedException exception

宗啸
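2023-03-14

import groovyx.net.http.HTTPBuilder
import static groovyx.net.http.Method.GET
import static groovyx.net.http.ContentType.JSON

httpBuilder = new HTTPBuilder(url)
httpBuilder.setHeaders(['Authorization': 'Basic MyKey'])

httpBuilder.request(GET, JSON) {
    response.success = { resp, reader ->
        // ....... (rest of the handler omitted in the original post)
    }
}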

I know the key is correct, but I keep getting "peer not authenticated" from the Assembly Payment URL: https://test.api.promisePay.com/users

I checked the exception class and it is SSLPeerUnverifiedException. It seems to be related to the TLS protocol.

Update:

echo -n | openssl s_client -connect test.api.promisepay.com:443 |   sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.api.promisepay.com.cert
sudo keytool -importcert -alias "assembly" -file /tmp/test.api.promisepay.com.cert    -keystore /opt/java/jre/lib/security/cacerts -storepass changeit

The certificate was imported into the keystore successfully, but the SSLPeerUnverifiedException is still thrown.

Update 2:

trustStore is: /opt/jdk1.7.0_80/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 14:06:00 IST 2006 until Sat Oct 25 14:06:00 IST 2036
adding as trusted cert:
  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Sat Jun 26 03:53:48 IST 1999 until Wed Jun 26 03:53:48 IST 2019
adding as trusted cert:
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
  Valid from Fri Nov 17 05:30:00 IST 2006 until Thu Jul 17 05:29:59 IST 2036
adding as trusted cert:
  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x456b5054
  Valid from Tue Nov 28 01:53:42 IST 2006 until Sat Nov 28 02:23:42 IST 2026
adding as trusted cert:
  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
  Valid from Tue May 26 05:30:00 IST 2009 until Tue May 26 05:30:00 IST 2020
adding as trusted cert:
  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
  Valid from Fri Aug 01 18:01:40 IST 2008 until Sat Jul 31 18:01:40 IST 2038

 /// Lots of adding as trusted cert messages...........

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
http-bio-8080-exec-2, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1513260023 bytes = { 59, 22, 52, 225, 123, 49, 3, 40, 88, 64, 182, 97, 150, 68, 98, 52, 74, 82, 175, 184, 181, 239, 34, 60, 214, 113, 43, 80 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 149
http-bio-8080-exec-2, WRITE: TLSv1 Handshake, length = 149
[Raw write]: length = 154
http-bio-8080-exec-2, received EOFException: error
http-bio-8080-exec-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-bio-8080-exec-2, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-bio-8080-exec-2, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
http-bio-8080-exec-2, called closeSocket()
http-bio-8080-exec-2, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-bio-8080-exec-2, called close()
http-bio-8080-exec-2, called closeInternal(true)
http-bio-8080-exec-2, called close()
http-bio-8080-exec-2, called closeInternal(true)
Exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Finalizer, called close()
Finalizer, called closeInternal(true)

1 answer

房冥夜
2023-03-14

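The root certificate of your certificate chain was added to the default trust store in Java 8u51.

You must do one of the following:

  • Use a newer Java version, at least 8u51
  • Allow untrusted certificates in the client
  • Add that specific certificate as a trusted certificate
  • Add the root certificate as a trusted root certificate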
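
An added example, not part of the original question or answer: a Python triage of a `javax.net.debug` trace like the one posted in the question, reporting which trust store the JVM loaded, which protocol version the ClientHello offered, and whether the handshake stopped before or during certificate validation. The sample lines are constructed from that trace, and `triage`, its `imported_into` parameter and its result keys are hypothetical names.

```python
import re

# Constructed sample: a few lines in the format of the -Djavax.net.debug
# trace quoted in the question (hex dumps and trusted-cert list omitted).
SAMPLE_LOG = """\
trustStore is: /opt/jdk1.7.0_80/jre/lib/security/cacerts
*** ClientHello, TLSv1
http-bio-8080-exec-2, WRITE: TLSv1 Handshake, length = 149
http-bio-8080-exec-2, received EOFException: error
http-bio-8080-exec-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
"""

def triage(log_text, imported_into=None):
    """Summarise where a JSSE handshake trace stopped (hypothetical helper)."""
    out = {"truststore": None, "client_hello": None, "server_hello": None,
           "stage": "unknown", "truststore_mismatch": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := re.match(r"trustStore is:\s*(\S+)", line):
            out["truststore"] = m.group(1)
        elif m := re.match(r"\*\*\* ClientHello,\s*(\S+)", line):
            out["client_hello"] = m.group(1)
        elif m := re.match(r"\*\*\* ServerHello,\s*(\S+)", line):
            out["server_hello"] = m.group(1)
        elif "PKIX path building failed" in line:
            # Chain validation ran and failed: a trust store problem.
            out["stage"] = "certificate_validation"
        elif ("Remote host closed connection during handshake" in line
              and out["server_hello"] is None and out["stage"] == "unknown"):
            # Peer hung up before ServerHello/Certificate: no certificate
            # had been received, so the trust store was not consulted yet.
            out["stage"] = "before_server_hello"
    # Compare the keytool -keystore path with the store the JVM loaded.
    # Differing paths can still be one file via a symlink, so verify.
    if imported_into and out["truststore"]:
        out["truststore_mismatch"] = imported_into != out["truststore"]
    return out

if __name__ == "__main__":
    # Keystore path taken from the keytool command in the question.
    result = triage(SAMPLE_LOG, "/opt/java/jre/lib/security/cacerts")
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the sample this reports a TLSv1 ClientHello, a stage of `before_server_hello`, and a difference between the keytool path and the loaded trust store path, which is worth confirming with `readlink -f` before changing either file.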