1

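Is there a simple way to check whether two .p12 files, one for the server and one for the client, should accept each other in an SSL handshake that requires authentication on both sides (including client authentication)? Each of these .p12 files contains both a trust manager and a key manager.

In particular, what would cause an error like this on the server side?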

SEND TLSv1 ALERT:  fatal, description = bad_certificate
WRITE: TLSv1 Alert, length = 2
called closeSocket()
handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
4

2 Answers

3

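In the TLS handshake, the client first validates the server certificate it received, and then sends its own certificate according to the certificate algorithm and other parameters. In your case, it seems the server received the client's certificate and rejected it, possibly because of an empty certificate chain (i.e. the client's certificate is self-signed?).

Answered 2012-05-17T15:09:58.840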
1

No, there's no easy way, because mutual acceptability depends on the configuration of the client and server, and that goes way beyond the certificates they use.

For example, certificates have a "policy" which identifies the practices and policies under which they were issued. Each party can have local configuration that includes a set of acceptable policies. There are many other examples.

Answered 2012-05-17T16:32:21.593
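An added example, not code from either answer: a JSSE check of the certificate-path part only, loading both .p12 files and asking each side's default trust manager whether it accepts the chain the other side would present. It does not cover the wider client and server configuration the second answer describes. The class name `P12MutualCheck`, the `SERVER_AUTH_TYPE` value, and the choice of the first key entry in each file are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class P12MutualCheck {
    // Assumption: key-exchange name passed as authType; set it to match your cipher suites.
    static final String SERVER_AUTH_TYPE = "ECDHE_RSA";

    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }
    // Chain of the first private-key entry (assumed to be the one presented in the handshake).
    static X509Certificate[] chain(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Certificate[] c = ks.getCertificateChain(alias);
            if (c != null && c.length > 0)
                return Arrays.copyOf(c, c.length, X509Certificate[].class);
        }
        throw new IllegalStateException("no key entry with a certificate chain");
    }
    // Default X.509 trust manager built from the trust material in the same file.
    static X509TrustManager trust(KeyStore ks) throws Exception {
        TrustManagerFactory f =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init(ks);
        for (TrustManager tm : f.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }
    public static void main(String[] a) throws Exception {
        // Arguments: server.p12 serverPassword client.p12 clientPassword
        KeyStore server = load(a[0], a[1].toCharArray());
        KeyStore client = load(a[2], a[3].toCharArray());
        X509Certificate[] sc = chain(server), cc = chain(client);
        // Each call throws CertificateException, with the reason, if the chain is rejected.
        trust(client).checkServerTrusted(sc, SERVER_AUTH_TYPE);
        trust(server).checkClientTrusted(cc, cc[0].getPublicKey().getAlgorithm());
        System.out.println("both directions validate");
    }
}
```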