0

我有两个客户端 pkcs12 密钥库。我从这两个中导出了证书,并使用 keyman 将它们添加到新的 jks 中。奇怪的是,每个密钥库都可以正常工作,但是当我将它们组合到一个密钥库中时,对每个客户端的调用都失败了

<pre><code>org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, WRITE: TLSv1 Handshake, length = 32
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, handling exception: java.net.SocketException: Connection reset
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, SEND TLSv1 ALERT:  fatal, description = unexpected_message
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, WRITE: TLSv1 Alert, length = 18
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, Exception sending alert: java.net.SocketException: Broken pipe
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called closeSocket()
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called close()
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called closeInternal(true)
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called close()
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called closeInternal(true)
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called close()
org.springframework.jms.listener.DefaultMessageListenerContainer#0-1, called closeInternal(true)
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:168)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
    at com.att.socialnetworkingmanager.util.HttpRequestUtil.post_aroundBody4(HttpRequestUtil.java:140)
    at com.att.socialnetworkingmanager.util.HttpRequestUtil.post_aroundBody5$advice(HttpRequestUtil.java:65)
    at com.att.socialnetworkingmanager.util.HttpRequestUtil.post(HttpRequestUtil.java:1)
    at com.att.socialnetworkingmanager.util.HttpRequestUtil.post_aroundBody2(HttpRequestUtil.java:89)
    at com.att.socialnetworkingmanager.util.HttpRequestUtil.post_aroundBody3$advice(HttpRequestUtil.java:65)
    at com.att.socialnetworkingmanager.util.HttpRequestUtil.post(HttpRequestUtil.java:1)
    at com.att.socialnetworkingmanager.sng.impl.SocialNetworkingAuthenticationImpl.getSngAccessToken_aroundBody0(SocialNetworkingAuthenticationImpl.java:87)
    at com.att.socialnetworkingmanager.sng.impl.SocialNetworkingAuthenticationImpl.getSngAccessToken_aroundBody1$advice(SocialNetworkingAuthenticationImpl.java:65)
    at com.att.socialnetworkingmanager.sng.impl.SocialNetworkingAuthenticationImpl.getSngAccessToken(SocialNetworkingAuthenticationImpl.java:1)
    at com.att.socialnetworkingmanager.service.impl.UploadManagerImpl.sendToSng_aroundBody0(UploadManagerImpl.java:61)
    at com.att.socialnetworkingmanager.service.impl.UploadManagerImpl.sendToSng_aroundBody1$advice(UploadManagerImpl.java:65)
    at com.att.socialnetworkingmanager.service.impl.UploadManagerImpl.sendToSng(UploadManagerImpl.java:1)
    at com.att.socialnetworkingmanager.jms.SocialNetworkingManagerQueueListener.onMessage_aroundBody0(SocialNetworkingManagerQueueListener.java:52)
    at com.att.socialnetworkingmanager.jms.SocialNetworkingManagerQueueListener.onMessage_aroundBody1$advice(SocialNetworkingManagerQueueListener.java:65)
    at com.att.socialnetworkingmanager.jms.SocialNetworkingManagerQueueListener.onMessage(SocialNetworkingManagerQueueListener.java:1)
    at org.springframework.jms.listener.adapter.MessageListenerAdapter.onMessage(MessageListenerAdapter.java:343)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:518)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:479)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:451)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:323)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:261)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:982)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:974)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:876)
    at java.lang.Thread.run(Thread.java:662)</code></pre>

我不确定发生了什么,因为我以前做过。任何想法为什么在结合来自两个客户的证书时会失败?

4

3 回答 3

1

您说您从两个密钥库中导出了证书 - 您是否还导出了关联的密钥?

TLS 客户端身份验证也需要密钥。仅凭证书不会让您走得太远。

此外,在为给定连接选择正确的密钥/证书时,您的想法可能会导致问题:您必须确保正确选择它们,通常客户端身份验证密钥/证书对应该仅适用于一个专用服务,因此混合up the keys 将导致连接尝试被拒绝。

于 2011-10-04T05:54:59.623 回答
1

在同一个 keystore.jks 文件中使用多个密钥时,我们遇到了类似的问题。我们有相同的行为,当我们分别使用每个密钥时,访问没有任何问题。当我们将两个密钥放入同一个密钥库时,我们收到错误“403:禁止”。

在创建新证书等之后,我们发现密钥库中证书的名称有影响:

其中一个键的名称(匿名):

test-cert-of_company

并没有工作。更改为cert_of_company后,它起作用了。

cert_of_company

我们猜测名称中的字符“-”确实导致了问题,替换为“_”解决了它。也许这可以帮助你。

于 2011-12-12T15:00:24.053 回答
0

用于keytool列出组合密钥库的内容。

每个条目的“类型”是什么?

它们应该是私钥条目;如果不是(如果它们是受信任的条目),则您无法导出关联的私钥。

这两个证书是否来自同一颁发者?

于 2012-07-04T20:04:31.330 回答