【问题标题】:javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificatejavax.ws.rs.ProcessingException:javax.net.ssl.SSLHandshakeException:收到致命警报:bad_certificate
【发布时间】:2019-12-12 02:43:26
【问题描述】:

我有一个需要从 REST API 获取实例的 jar。我已经完成了 SSL 证书的设置,并生成了 JKS 的私钥和公钥。我已将证书导入 Java\jdk1.8.0_201\jre\lib\security\cacerts。它适用于单向身份验证。但是在我更改为双向身份验证后,我收到了致命警报:bad_certificate 错误。

我在 Response response = invocationBuilder.get(); 行中遇到错误

WebTarget target = cp.getClient()
            .target("https://" + cp.getServerIp() + ":" + cp.getRestAPIPort() + "/product-info").path("");
    Invocation.Builder invocationBuilder = target
            .request(new String[] { MediaType.APPLICATION_JSON_TYPE.toString() });
    invocationBuilder.header("Authorization", "Bearer " + cp.getAccessToken());
    Response response = invocationBuilder.get();

错误响应:

    javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:284)
        at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:278)
        at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:753)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:229)
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:414)
        at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:752)
        at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:419)
        at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:319)
        at com.p3.ca.ia.rest.RestLayerActivities.getInstanceInformation(RestLayerActivities.java:108)
        at com.p3.ca.ia.rest.IaRestMain.begin(IaRestMain.java:87)
        at com.p3.ca.CaIaApplication.main(CaIaApplication.java:28)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127)
        at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1761)
        at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
        at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1152)
        at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1280)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1190)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:369)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
        at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:390)
        at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:282)
        ... 20 more

【问题讨论】:

  • 服务器不喜欢客户端证书。尚不清楚此证书的要求是什么,并且对您的客户端证书一无所知,这意味着我们完全不清楚服务器不喜欢什么。因此,查看服务器端是否有任何错误日志,查看服务器对客户端证书的要求(即由特定 CA 颁发,包含特定主题、特定密钥用法......),然后检查客户端证书是否发送符合要求。

标签: java ssl https ca jks


【解决方案1】:

服务器很可能不信任您的 CA 客户端证书。

【讨论】:

    猜你喜欢
    • 2023-04-07
    • 2015-10-06
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2013-07-08
    • 2014-01-21
    • 2015-04-01
    相关资源
    最近更新 更多