0

我尝试使用 HTTPS 基本服务器身份验证在 Weblogic 10 上运行一项系统测试,但我收到此异常:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLKeyException:    [Security:090542]Certificate chain received from myserver - 141.73.205.173 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.

在 com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149) 在 com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81) 在 com.sun.jersey .api.client.Client.handle(Client.java:648) .................... …………

我的身份验证方法是:

public static WebResource createWebResource(String path) throws IOException, NoSuchAlgorithmException, Exception {
ClientConfig config = new DefaultClientConfig();
Client client = Client.create(config);
HTTPBasicAuthFilter authFilter = new HTTPBasicAuthFilter("REST_USER", "Supervisor");
client.addFilter(authFilter);
String serverUrl = findServerUrlFromJNDIProps();
return client.resource("https://myserver:8012/ERSrestServices/" + path);

}

我的错误在哪里?

4

1 回答 1

0

The SSL certificate is not trusted by java so it is rejecting your attempt to access the server over https.

If this is a test server with a self-signed certificate, this would make sense. If it is not self-signed, then the CA is not trusted by your java install.

As per the exception:

If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.

So, -Dweblogic.security.TrustKeyStore=DemoTrust should solve your problem.

Alternatively you can add your webserver's SSL certificate to your client's java certificate store:

keytool -importcert -file certificate.cer -keystore cacerts -alias "Your Alias"

Where keytool can be found at ${jdk_home}/bin and the cacerts file at ${jdk_home}/jre/lib/security

于 2013-06-25T20:11:57.387 回答