0

我的证书有问题。这是我的堆栈跟踪:

trustStore is: /usr/user/programs/java/jdk1.7.0_10/jre/lib/security/jssecacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=******, CN=865409164, OU=http://www.sistem.net, O=DOO, L=Citluk,   ST=Text, C=BA
Issuer:  EMAILADDRESS=***********, CN=ecommtest.rbbh.ba, OU=ITRIOSS.CARD, O=BANK, L=CITY, ST=******, C=BA

算法:RSA;序列号:0xf6e5b0e213f9b11b 有效期为 2013 年 7 月 30 日星期二 14:43:23 CEST 至 2014 年 7 月 30 日星期三 14:43:23 CEST

最后我得到了这个:

***
%% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E                               .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException:      sun.security.validator.ValidatorException: PKIX path building failed:   sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid   certification path to requested target
main, IOException in getSession():  javax.net.ssl.SSLHandshakeException:   sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid   certification path to requested target
main, called close()
main, called closeInternal(true)

我有 PKCS12 的证书,然后我通过 jssecacerts 中的 keytool 导入密钥库并将其复制到 JDK/jre/lib/security

我使用 apache HttpClient 来执行 POST 请求。

谢谢你的帮助

兹拉亚

4

2 回答 2

0

我们找到了解决方案。这些是步骤:

  1. 从https://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java运行 InstallCert 。它将创建 jssecacerts。

  2. 从 jre/lib/security 备份您的 cacerts

  3. 用 jssecacert 替换 cacerts

  4. 像这样更改您的代码:

    val clientStore = KeyStore.getInstance("PKCS12")

clientStore.load(new FileInputStream("/home/zlaja/Downloads/imakstore_80009164.p12"), "12348765".toCharArray())

val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
kmf.init(clientStore, "12348765".toCharArray())
val kms = kmf.getKeyManagers()

val trustStore = KeyStore.getInstance("JKS")

trustStore.load(new FileInputStream("/usr/user/programs/java/jdk1.7.0_10/jre/lib/security/cacerts"), "changeit".toCharArray())

val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(trustStore)
val tms = tmf.getTrustManagers()

val sslContext = SSLContext.getInstance("TLS")
sslContext.init(kms, tms, new SecureRandom())

val schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https", new SSLSocketFactory(init), 443))

val client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParameters,  schemeRegistry), httpParameters);
于 2013-08-02T09:23:14.157 回答
-1

我也遇到了这个问题,但我终于有了一个适用于我的带有 SSL 的 JAX-WS 客户端的解决方案。

在我的情况下,问题是 JAX 无法查看另一个密钥库但 cacerts,并且我的证书有 2 个链接,无法通过命令行导入到 cacerts。

于 2014-12-15T21:24:26.947 回答