1

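I am developing a web service integration for UPS shipping using Java with Oracle JDeveloper. I have imported the WSDL files and they were assigned perfectly. But I can't run it, because JDeveloper throws an exception since it doesn't recognize the certificate. I downloaded the required certificate and installed it in the keystore using the keytool command, but nothing changed. Then I generated a new keystore and installed my certificate in it, but Oracle uses the DemoIdentity.jks and DemoTrust.jks keystores. I can't get Oracle to use my new keystore by default.

Here is the log and the error I get: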

<26.Oca.2013 14:02:08 EET> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\JDK160~1\jre\lib\security\cacerts.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:09 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<26.Oca.2013 14:02:10 EET> <Warning> <Security> <BEA-090504> <Certificate chain received from localhost - 127.0.0.1 --> wwwcie.ups.com failed hostname verification check. Certificate contained MST-PC(My computer name) but check expected wwwcie.ups.com> 

Please give me your ideas on how to solve this problem. Any recommendation would be appreciated. Thanks.

PS: I am using Oracle JDeveloper 11g Release 1, jdk160_24, Weblogic Server 10.3, Win7 64-bit.

4

2 Answers

2

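The latest updates to the Sun JDK (Java Developer Kit) (versions 1.6.0_13 and 1.5.0_18) are incompatible with the SSL (Secure Sockets Layer) implementation in the following Oracle WebLogic Server releases:

  • 11gR1 (10.3.1)
  • 10gR3 (10.3.0)
  • 10.0 and all maintenance releases of 10.0
  • 9.0, 9.1, 9.2 and all maintenance releases of 9.2 prior to 9.2 MP4

Oracle JRockit releases starting from R27.6.4 (1.6.0_13 and 1.5.0_18) and later also exhibit this problem.

Workaround

1) Use an earlier version of the JDK - JDK 1.6.0_12 and earlier will do.

 or

2) Replace the truststore file \jdk\jre\lib\security\cacerts with one from an earlier JDK

Answered 2013-10-21T07:15:57.550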
0

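First of all, is the SSL one-way or two-way?

One-way means that only the service server (the server that has the WS you are trying to access) has to identify itself to you. For the service server to identify itself to you, you have to download the certificate it offers from its page (there are plenty of tutorials on how to do this). WARNING: you have to get the entire certificate chain! Add these certificates to your trust keystore.

Two-way means that you have to identify yourself to them as well. For that, you should obtain a certificate from the service provider and add it to your client identity keystore.

At this point, you should have 2 separate keystores. One, the trust keystore, is the store that holds all the secure server certificates (you trust them, hence the name). The second is the identity keystore, the store that holds your identity under a specific alias. Other servers will use this information to determine whether they trust you.

Now for the WLS configuration:

First, if you are going to use SSL, do not use the Demo Identity and Demo Trust setting. Change it to Custom Identity and Custom Trust. Set the keystores to the ones you created. If the server will only use one-way SSL, you can set the identity store to the Demo Identity, but it still has to be done under the Custom Identity and Custom Trust setting (just copy the paths, passwords, etc. from the defaults). Set up the identity under server->SSL and you are done.

Other:

You might want to turn off hostname verification (server->SSL->Advanced). It sometimes causes a lot of problems.

If it still doesn't work, add the following flags to the java options: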

-Dweblogic.security.SSL.verbose=true

-Dweblogic.security.SSL.enable.renegotiation=true

-Dsun.security.ssl.allowUnsafeRenegotiation=true

Answered 2013-03-04T13:58:33.603
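
An added example, not part of either answer or of Oracle's tooling: a small Java check that lists what a JKS keystore actually contains before WebLogic is pointed at it. It separates trust entries from identity entries, as the second answer describes, and marks certificates signed with the OID named in the BEA-090898 notices (1.2.840.113549.1.1.11, sha256WithRSAEncryption). The class name, the default path (the running JRE's cacerts) and the default password `changeit` are assumptions; pass a keystore path and password as arguments to audit a custom store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: audit a JKS keystore (trust or identity) entry by entry.
public class TrustStoreAudit {
    // sha256WithRSAEncryption, the OID reported in the BEA-090898 notices
    static final String SHA256_RSA_OID = "1.2.840.113549.1.1.11";

    public static void main(String[] args) throws Exception {
        // Assumption: default to the running JRE's cacerts and its stock password
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }

        int trusted = 0, identities = 0, sha256 = 0;
        for (String alias : Collections.list(ks.aliases())) {
            // A key entry holds a private key (identity); a certificate entry is trust only
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) identities++; else trusted++;
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            boolean flagged = SHA256_RSA_OID.equals(x.getSigAlgOID());
            if (flagged) sha256++;
            System.out.printf("%-8s %-3s %s | %s | expires %s%n",
                    isKey ? "identity" : "trust", flagged ? "(!)" : "",
                    alias, x.getSubjectX500Principal().getName(), x.getNotAfter());
        }
        System.out.printf("%d trust entries, %d identity entries, %d signed with OID %s%n",
                trusted, identities, sha256, SHA256_RSA_OID);
    }
}
```

A trust keystore should report zero identity entries, and the identity keystore should show the alias that is configured under server->SSL.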