【发布时间】:2015-06-27 05:40:44
【问题描述】:
我需要一些帮助来修复我的项目中的证书异常。我收到 java.security.cert.CertificateException:无法处理证书数据以下是客户端应用程序的环境详细信息:
- 我的客户端应用程序部署在 IBM WebsphereApplicationServer(WAS)6.0 上
- 使用内置于 WAS 6.0 的 IBM JDK 1.4.2
第 3 方 Web 服务提供商最近升级到 SHA-256。通过上述客户端设置,我收到握手异常。我们尝试使用 Bouncy Castle jar 来支持 SHA-256。在此之后,我在进行 Web 服务调用时看到以下异常:
WebContainer : 0, SEND TLSv1 ALERT: fatal, description = certificate_unknown
WebContainer : 0, WRITE: TLSv1 Alert, length = 2
WebContainer : 0, called closeSocket()
WebContainer : 0, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate data canot be processed
Exception javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate data canot be processed
Finalizer, called close()
Finalizer, called closeInternal(true)
我拥有的密钥库和信任库来自默认的 JDK 版本:
keyStore is: /usr/local/opt/was/was60/java/jre/lib/security/cacerts
keyStore type is : jks
init keystore
trustStore is: /usr/local/opt/was/was60/java/jre/lib/security/cacerts
trustStore type is : jks
这里还有一些日志:
SystemErrR AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate data canot be processed
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate data canot be processed
at com.ibm.jsse2.bx.a(bx.java:114)
at com.ibm.jsse2.by.a(by.java:24)
at com.ibm.jsse2.by.a(by.java:444)
at com.ibm.jsse2.w.a(w.java:281)
at com.ibm.jsse2.w.a(w.java:105)
at com.ibm.jsse2.v.a(v.java:25)
at com.ibm.jsse2.by.a(by.java:272)
at com.ibm.jsse2.by.m(by.java:198)
at com.ibm.jsse2.by.startHandshake(by.java:68)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.cingular.csi.CSI.Namespaces.v94.wsdl.CingularWirelessCSI_wsdl.InquireWirelineServiceAppointmentReservationsSoapHttpBindingStub.inquireWireline
最后,还有几点需要注意:
WAS 和 JDK 都不能升级,因为应用是稳定的。
使用的SocketFactory是:com.ibm.jsse2.SSLSocketFactoryImpl
试过 javax.net.SSLSocketFactoryImpl。它在 SocketContext 本身失败。
尝试使用 keytool 将第三方服务器证书添加到我的信任库 (cacerts)。也没有用。
也尝试过分别使用 DummyClientKeyFile.jks 和 DummyClientTrustFile.jks 作为 Keystore 和 truststore 文件,而不是 JDK 的 cacerts,但是没有成功。
我已经被这个问题困扰了两个多星期了。感谢任何帮助。
【问题讨论】:
标签: java web-services security ssl ibm-was