Java Axis2/Rampart客户端自签名证书

我正在尝试使用安全客户端访问web服务

我生成了两个文件：

nb19200.pkcs12

server.jks

我在tomcat中粘贴了服务器密钥库，并将pkcs12上传到我的浏览器中，一切正常

现在，在我的客户端应用程序中，我尝试了以下操作：

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

首先，导出服务器证书，我使用了以下命令：

keytool-exportcert-alias servercert-file servercert.cer-keystore server.jks-storepass**

然后将其导入一个密钥库，其中没有任何内容：

keytool-importcert-keystore truststore.jks-alias servercert-file servercert.cer-v trustcacerts-noprompt-storepass***

我的代码如下：

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

好的，通过此配置，我得到以下错误：

原因：java.net.SocketException:连接被远程主机关闭

如果我对前两行进行注释，得到的错误是：

原因：sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径

那么我做错了什么

我完全迷路了

更新完整代码：

堆栈跟踪：

Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)

---

查看定义密钥库路径的行：

System.setProperty("javax.net.ssl.trustStore","servertrust.jks");

但是您提到文件名是server.jks。因此，如果是这种情况，这就是代码找不到正确证书文件的原因

更新：

---

使用ssl（https）时，服务器将根据“CN”搜索正确的证书。CN必须等于主机名。根据您发布的URL，我看到您正在使用localhost，因此您必须使CN等于您的计算机名（您可以通过右键单击我的计算机->属性来查看）。

请确保服务正在侦听端口8443。检查URL

https://localhost:8443/axis2/services/SecureService

存在。您可以尝试此URL

https://localhost:8443/axis2/services/SecureService?wsdl

并查看是否可以从该URL获取服务的WSDL

我找到了解决方案

我错过了这个：

System.setProperty("javax.net.ssl.keyStore","keys/client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");

---

抱歉，我键入的名称错误。我使用了使用服务器导出的证书创建的密钥库，即truststore.jks。但它不起作用。主机名不匹配不会产生此异常。此外，CN只是主题备选名称的备用名称（只有在没有DNS SAN时才需要匹配）。您是否在代码中的任何其他位置设置了

javax.net.ssl.trustStore

，或者以前是否使用过ssl？它通常只加载一次（即使是从默认值）。我将在粘贴站更新完整的代码。你可以试试这个：你能提供服务器的堆栈跟踪吗？这可能会给出一个很好的提示。我的tomcat日志上没有显示任何内容。我将发布堆栈跟踪，客户端。