Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 11号码头。使用godaddy证书的安全连接失败_Java_Ssl_Jetty - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 11号码头。使用godaddy证书的安全连接失败

Java 11号码头。使用godaddy证书的安全连接失败

java ssl jetty

Java 11号码头。使用godaddy证书的安全连接失败,java,ssl,jetty,Java,Ssl,Jetty,我正在尝试使用Godaddy证书来创建安全的http连接 首先,我用一个自签名证书测试了我的代码,工作正常,但当我尝试使用godaddy的证书时,我在firefox上出现了一个SSL\u错误\u握手\u失败\u警报,在Chrome上出现了一个ERR\u SSL\u协议\u错误。也不例外。没有错误日志。没有消息 Secure Connection Failed An error occurred during a connection to servername.com:8443. SSL pe

我正在尝试使用Godaddy证书来创建安全的http连接

首先,我用一个自签名证书测试了我的代码,工作正常,但当我尝试使用godaddy的证书时,我在firefox上出现了一个
SSL\u错误\u握手\u失败\u警报
,在Chrome上出现了一个
ERR\u SSL\u协议\u错误
。也不例外。没有错误日志。没有消息

Secure Connection Failed

An error occurred during a connection to servername.com:8443. SSL peer was unable to negotiate an acceptable set of security parameters.

Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
异常之前的调试日志:

[server-33] DEBUG org.eclipse.jetty.util.thread.QueuedThreadPool  - Runner started for QueuedThreadPool[server]@33e5ccce{STARTED,8<=12<=200,i=0,r=-1,q=0}[ReservedThreadExecutor@627551fb{s=1/16,p=0}]
[server-22] DEBUG org.eclipse.jetty.io.SocketChannelEndPoint  - Key interests updated 1 -> 0 on SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=4/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=-1/-1,di=-1,fill=INTERESTED,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=4/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
[server-22] DEBUG org.eclipse.jetty.io.ManagedSelector  - Selector sun.nio.ch.EPollSelectorImpl@3fc1893b waiting with 1 keys
[server-33] DEBUG org.eclipse.jetty.util.thread.QueuedThreadPool  - run SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=4/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=-1/-1,di=-1,fill=INTERESTED,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=5/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}:runFillable:BLOCKING in QueuedThreadPool[server]@33e5ccce{STARTED,8<=12<=200,i=0,r=-1,q=0}[ReservedThreadExecutor@627551fb{s=1/16,p=0}]
[server-33] DEBUG org.eclipse.jetty.io.FillInterest  - fillable FillInterest@6d28095a{SSLC.NBReadCB@1008464{SslConnection@1008464::SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=4/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=-1/-1,di=-1,fill=INTERESTED,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=5/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}}}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - >c.onFillable SslConnection@1008464::SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=5/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=-1/-1,di=-1,fill=INTERESTED,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=5/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - onFillable SslConnection@1008464::SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=5/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=-1/-1,di=-1,fill=INTERESTED,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=6/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
[server-33] DEBUG org.eclipse.jetty.io.FillInterest  - fillable FillInterest@66f8bebc{AC.ReadCB@1ae6359c{HttpConnection@1ae6359c::DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=FI,flush=-,to=6/30000}}}
[server-33] DEBUG org.eclipse.jetty.server.HttpConnection  - HttpConnection@1ae6359c::DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=6/30000} onFillable enter HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0} null
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - >fill SslConnection@1008464::SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=5/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=-1/-1,di=-1,fill=IDLE,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=6/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - fill NOT_HANDSHAKING
[server-33] DEBUG org.eclipse.jetty.io.SocketChannelEndPoint  - filled 517 HeapByteBuffer@7a6e94fa[p=0,l=517,c=17408,r=517]={<<<\x16\x03\x01\x02\x00\x01\x00\x01\xFc\x03\x03\xCc\xB0>\x1f8"\xCf\xD6-^m\x04\xC0\xC3...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - net filled=517
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - fill starting handshake SslConnection@1008464::SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=0/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NOT_HANDSHAKING,eio=517/-1,di=-1,fill=IDLE,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=7/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - unwrap net_filled=517 Status = OK HandshakeStatus = NEED_TASK bytesConsumed = 517 bytesProduced = 0 encryptedBuffer=[p=517,l=517,c=17408,r=0] unwrapBuffer=DirectByteBuffer@73daf2e[p=0,l=0,c=17408,r=0]={<<<>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00} appBuffer=DirectByteBuffer@73daf2e[p=0,l=0,c=17408,r=0]={<<<>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - fill NEED_TASK
[server-33] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=hayquecomer.com
[server-33] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI host name hayquecomer.com
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/EC on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/EC on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/EC on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/EC on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose explicit alias null/RSA on sun.security.ssl.SSLEngineImpl@3dd0a710
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - fill NEED_WRAP
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - >flush SslConnection@1008464::SocketChannelEndPoint@2e9703df{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=31/30000}{io=0/0,kio=0,kro=1}->SslConnection@1008464{NEED_WRAP,eio=0/-1,di=-1,fill=IDLE,flush=IDLE}~>DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=39/30000}=>HttpConnection@1ae6359c[p=HttpParser{s=START,0 of -1},g=HttpGenerator@c862f5c{s=START}]=>HttpChannelOverHttp@525f5018{s=HttpChannelState@3f48616b{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - flush b[0]=HeapByteBuffer@3335b1d9[p=0,l=0,c=0,r=0]={<<<>>>}
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - flush NEED_WRAP
[server-33] DEBUG org.eclipse.jetty.io.ssl.SslConnection  - DecryptedEndPoint@38876f9b{l=/127.0.1.1:8443,r=/127.0.0.1:41822,OPEN,fill=-,flush=-,to=39/30000} stored flush exception
javax.net.ssl.SSLHandshakeException: No available authentication scheme
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:955)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:944)
    at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1252)
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1188)
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:851)
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1247)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1192)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:627)
    at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:354)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:265)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:324)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:528)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:377)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:163)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.SocketChannelEndPoint$1.run(SocketChannelEndPoint.java:106)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038)
    at java.base/java.lang.Thread.run(Thread.java:830)
在绝望的时刻,我也尝试过:

keytool-import-alias main-trustcacerts-file 4331e701f4d1b69.pem-keystore main.keystore


openssl crl2pkcs7-nocrl-certfile 4331e701f4d1b69.crt-out 4331e701f4d1b69.p7b-certfile gd_bundle-g2-g1.crt
keytool-import-alias main-trustcacerts-file 4331e701f4d1b69.p7b-keystore main.keystore
命令:

keytool-list-v-keystore main.keystore
该命令显示两个键:

Keystore类型:JKS
密钥库提供程序:SUN
您的密钥库包含2个条目
别名:中级
创建日期:2021年5月26日
条目类型:trustedCertEntry
...
签名算法名称:SHA256withRSA
主题公钥算法:2048位RSA密钥
版本:3
扩展:
...
别名:main
创建日期:2021年5月26日
条目类型:trustedCertEntry
...
主题公钥算法:2048位RSA密钥
版本:3
扩展:
...
我的代码与自签名证书一起工作。我只更改文件名:

public void start()引发ServerException、FileNotFoundException{
QueuedThreadPool threadPool=新的QueuedThreadPool();
setName(“服务器”);
服务器=新服务器(线程池);
HttpConfiguration httpConfig=新的HttpConfiguration();
httpConfig.addCustomizer(新的SecureRequestCustomizer(false));
HttpConnectionFactory http11=新的HttpConnectionFactory(httpConfig);
SslContextFactory.Server SslContextFactory=新的SslContextFactory.Server();
File File=新文件(“/home/esteban/../ssl/main.keystore”);
如果(!file.exists()){
抛出新的FileNotFoundException(file.toString());
}
sslContextFactory.setkeystrepath(file.toString());
setKeyStorePassword(“密码”);
SslConnectionFactory tls=新的SslConnectionFactory(sslContextFactory,http11.getProtocol());
ServerConnector连接器=新的ServerConnector(服务器、tls、http11);
连接器。设置端口(8443);
addConnector(连接器);
setHandler(新的AbstractHandler(){
@凌驾
公共无效句柄(字符串目标、请求jettyRequest、HttpServletRequest、HttpServletResponse响应)引发IOException{
response.getWriter().print(“nada”);
jettyRequest.setHandled(true);
答复:setStatus(200);
response.setHeader(“X-URL”,request.getRequestURI());
response.setHeader(“X-HOST”,request.getServerName());
}
});
试一试{
server.start();
}捕获(例外e){
抛出新的ServerException(e);
}
}
我确实尝试在我的计算机上使用
/etc/hosts
,以获得正确的主机名,并在远程服务器上使用相同的结果

我没有更多的想法。我需要一些新的。

您的密钥库没有密钥对。您的CA证书和您自己的CA证书都已作为受信任的CA证书导入。您需要导入自己的证书,而不使用
-trustcacerts
选项,并且使用与创建原始密钥对和CSR相同的别名。然后证书将与密钥对相关联,它将显示为密钥项,而不是证书项。我已经创建了一个自签名证书,它可以正常工作。我的问题是Godaddy证书。我没有创建证书,Godaddy给了我,没有任何别名。我刚从Godaddy得到了一个zip,其中包含:xxx.pem、xxx.crt和gd_bundle-g2-g1.crt,一个“Godaddy证书Bundles-g2与g1交叉,包括根”您是如何创建证书的?首先要做的是创建一个密钥对,然后创建一个CSR。钥匙在哪里?你是如何创建CSR的?