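I am trying to load a web service with an SSL certificate. It says the server has started, but when I try to use the web service (through SoapUI) I get an "SSLHandShakeException", and in the Eclipse log I see the following:

```
No available cipher suite for SSLv2Hello
No available cipher suite for SSLv3
No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
qtp1589240253-57, fatal error: 80: problem unwrapping net record
javax.net.ssl.SSLHandshakeException: No appropriate protocol
qtp1589240253-57, SEND TLSv1 ALERT:  fatal, description = internal_error
qtp1589240253-57, WRITE: TLSv1 Alert, length = 2
qtp1589240253-57, called closeOutbound()
qtp1589240253-57, closeOutboundInternal()
```

I tried looking at `jdk.tls.disabledAlgorithms=` in the java.security file, but it is already commented out.

This is my code: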
```java
String address = "https://localhost:8052/test";
JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
sf.setServiceClass(new testImpl().getClass());
sf.setAddress(address);
sf.getServiceFactory().setInvoker(new BeanInvoker(new testImpl()));

// Keystore settings handed to the helper class below
SSLServerConfigUtil sSLServerConfigUtil = new SSLServerConfigUtil();
sSLServerConfigUtil.setTrustpass("test123");
sSLServerConfigUtil.setKeyStoreName("JKS");
sSLServerConfigUtil.setFilePath("C:\\serverKeystore.jks");
// The helper method takes (factory, port, address)
sSLServerConfigUtil.configureSSLOnTheServer(sf, 8052, address);
```
```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

public class SSLServerConfigUtil {
    private String trustpass;
    private String keyStoreName;
    private String filePath;

    public SSLServerConfigUtil() {
    }

    public JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port, String address) {
        try {
            TLSServerParameters tlsParams = new TLSServerParameters();

            // Key managers: the server's own key and certificate chain
            KeyStore keyStore = KeyStore.getInstance(keyStoreName);
            String password = trustpass;
            File truststore = new File(filePath);
            keyStore.load(new FileInputStream(truststore), password.toCharArray());
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(keyStore, password.toCharArray());
            KeyManager[] km = keyFactory.getKeyManagers();
            tlsParams.setKeyManagers(km);

            // Trust managers: the same keystore file is reused as the truststore
            truststore = new File(filePath);
            keyStore.load(new FileInputStream(truststore), password.toCharArray());
            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory
                    .getDefaultAlgorithm());
            trustFactory.init(keyStore);
            TrustManager[] tm = trustFactory.getTrustManagers();
            tlsParams.setTrustManagers(tm);

            // Cipher suite filter: regular expressions matched against suite names
            FiltersType filter = new FiltersType();
            filter.getInclude().add(".*_EXPORT_.*");
            filter.getInclude().add(".*_EXPORT1024_.*");
            filter.getInclude().add(".*_WITH_DES_.*");
            filter.getInclude().add(".*_WITH_NULL_.*");
            filter.getExclude().add(".*_DH_anon_.*");
            filter.getInclude().add(".*_CBC_*");
            filter.getInclude().add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
            tlsParams.setCipherSuitesFilter(filter);

            // Client certificate authentication is both wanted and required
            ClientAuthentication ca = new ClientAuthentication();
            ca.setRequired(true);
            ca.setWant(true);
            tlsParams.setClientAuthentication(ca);

            // Bind the TLS parameters to the Jetty engine for this port
            JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
            factory.setTLSServerParametersForPort(port, tlsParams);
        }
        catch (KeyStoreException kse) {
            System.out.println("Security configuration failed with the following: " + kse.getCause());
        }
        catch (NoSuchAlgorithmException nsa) {
            System.out.println("Security configuration failed with the following: " + nsa.getCause());
        }
        catch (FileNotFoundException fnfe) {
            System.out.println("Security configuration failed with the following: " + fnfe.getCause());
        }
        catch (UnrecoverableKeyException uke) {
            System.out.println("Security configuration failed with the following: " + uke.getCause());
        }
        catch (CertificateException ce) {
            System.out.println("Security configuration failed with the following: " + ce.getCause());
        }
        catch (GeneralSecurityException gse) {
            System.out.println("Security configuration failed with the following: " + gse.getCause());
        }
        catch (IOException ioe) {
            System.out.println("Security configuration failed with the following: " + ioe.getCause());
        }
        return sf;
    }

    public String getTrustpass() {
        return trustpass;
    }

    public void setTrustpass(String trustpass) {
        this.trustpass = trustpass;
    }

    public String getKeyStoreName() {
        return keyStoreName;
    }

    public void setKeyStoreName(String keyStoreName) {
        this.keyStoreName = keyStoreName;
    }

    public String getFilePath() {
        return filePath;
    }

    public void setFilePath(String filePath) {
        this.filePath = filePath;
    }
}
```
> found key for : myserverkey
chain [0] = [
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
Key: Sun DSA Public Key
Parameters:DSA
Validity: [From: Thu Jan 28 08:45:23 GMT+02:00 2016,
To: Sat Jan 27 08:45:23 GMT+02:00 2018]
Issuer: CN=localhost
SerialNumber: [ 7879d2f7]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B6 FA 45 5C B0 4F 56 0B E2 FB E3 D4 AA 90 69 0E ..E\.OV.......i.
0010: CE 07 54 09 ..T.
]
]
]
Algorithm: [SHA1withDSA]
Signature:
0000: 30 2D 02 15 00 8E AA 9B A8 BD 67 F4 A3 2B 66 4C 0-........g..+fL
0010: 56 12 81 51 57 08 1C 74 4C 02 14 08 F9 C5 12 0C V..QW..tL.......
0020: 5A 3D BC 1C 5F CB D1 E9 D7 E3 01 89 36 24 4B Z=.._.......6$K
]
***
adding as trusted cert:
Subject: CN=localhost
Issuer: CN=localhost
Algorithm: DSA; Serial number: 0x7879d2f7
Valid from Thu Jan 28 08:45:23 GMT+02:00 2016 until Sat Jan 27 08:45:23 GMT+02:00 2018
Feb 03, 2016 8:56:33 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service
Feb 03, 2016 8:56:34 AM org.apache.cxf.endpoint.ServerImpl initDestination
INFO: Setting the server's publish address to be https://localhost:8052/test
Feb 03, 2016 8:58:26 AM org.eclipse.jetty.server.Server doStart
INFO: jetty-7.5.4.v20111024
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Feb 03, 2016 8:59:13 AM org.eclipse.jetty.server.AbstractConnector doStart
INFO: Started CXFJettySslSocketConnector@0.0.0.0:8052 STARTING
Feb 03, 2016 8:59:17 AM org.eclipse.jetty.server.handler.ContextHandler startContext
INFO: started o.e.j.s.h.ContextHandler{,null}
Feb 03, 2016 8:59:18 AM com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.0.3 (FCS b03) for context '/OnInterfaces'
Feb 03, 2016 8:59:19 AM com.sun.faces.spi.InjectionProviderFactory createInstance
INFO: JSF1048: PostConstruct/PreDestroy annotations present. ManagedBeans methods marked with these annotations will have said annotations processed.
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Feb 03, 2016 8:59:19 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 387136 ms
Can anyone help? Thanks in advance!!
Try adding the Java Cryptography Extension jar files, downloaded from the Oracle site http://www.oracle.com/technetwork/es/Java/javase/downloads/jce-7-download-432124.html, to the java_home/jre/security/lib folder. Let us know! Regards
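**Edit:** to use InstallCert:

1. Download and compile it.
2. Edit your run configuration and add the program arguments as follows: host:port passphrase (usually this passphrase is "changeit").
3. Run it with that configuration.
4. InstallCert creates a copy of the truststore and adds the server's certificate to the copy.
5. Rename "jssecacerts" to cacerts and replace the original cacerts file in Java > JRE > Security > lib.
6. Then try connecting to your server.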
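The checks this thread turns on (the cipher suite filter from the question, the DSA certificate shown in its debug output, and the JCE policy limit the answer points to) can be run against the local JVM. This is an added example, not code from the question or the answer. It assumes each filter pattern must match the whole suite name and that a DSA key is only usable with `_DSS_` suites; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class CipherFilterCheck {
    // Include/exclude patterns copied verbatim from the question's FiltersType.
    static final String[] INCLUDE = {
        ".*_EXPORT_.*", ".*_EXPORT1024_.*", ".*_WITH_DES_.*", ".*_WITH_NULL_.*",
        ".*_CBC_*", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
    static final String[] EXCLUDE = {".*_DH_anon_.*"};

    // Assumption: a pattern counts only if it matches the whole suite name.
    static boolean matchesAny(String suite, String[] patterns) {
        for (String p : patterns) {
            if (Pattern.matches(p, suite)) return true;
        }
        return false;
    }

    // Returns null if the suite passes every check, otherwise the reason it is dropped.
    static String rejectReason(String suite, String keyAlg, int maxAesBits) {
        if (!matchesAny(suite, INCLUDE)) return "not matched by any include pattern";
        if (matchesAny(suite, EXCLUDE)) return "matched by an exclude pattern";
        if (suite.contains("AES_256") && maxAesBits < 256) return "AES-256 blocked by JCE policy";
        // In TLS 1.2 and earlier a DSA certificate only works with *_DSS_* suites.
        if (keyAlg.equals("DSA") && !suite.contains("_DSS_")) return "suite cannot use a DSA key";
        return null;
    }

    public static void main(String[] args) throws Exception {
        int maxAesBits = Cipher.getMaxAllowedKeyLength("AES"); // 128 under the limited policy
        String keyAlg = args.length > 0 ? args[0] : "DSA";     // the question's certificate is DSA
        List<String> usable = new ArrayList<>();
        for (String suite : SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()) {
            String reason = rejectReason(suite, keyAlg, maxAesBits);
            if (reason == null) usable.add(suite);
            else System.out.println("skip " + suite + ": " + reason);
        }
        System.out.println("max AES key bits: " + maxAesBits + ", key algorithm: " + keyAlg);
        System.out.println("negotiable suites: " + usable);
    }
}
```

Pass `RSA` as the first argument to repeat the check for an RSA key. An empty list means no suite passes all four checks on this JVM.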