Java SSLPeerUnverifiedException after resolving SSLHandshakeException

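I know this is a very common problem, but I describe the context of my case. I wrote two Spring Boot 2 applications and enabled SSL for them.

Application 1 (client)

Application 2 (server)

Then I added the server certificate that I had previously generated with keytool to my cacerts file: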

keytool -importcert -file "/location/to/certificate/sb2-certificate.crt" -alias sb2-tomcat -keystore "..\Java\jdk1.8.0_144\jre\lib\security\cacerts"  
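Before adding the certificate to cacerts, I received the error SSLHandshakeException, and then SSLPeerUnverifiedException:

Certificate for doesn't match any of the subject alternative names: []

I added the VM option for debugging SSL validation to the application: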

***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=sb2 localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 19498524521301636375327327139235173526668786372574406255907014987664589119007638945302942180083083468997649347515867541667611070267889924617455941875034864650882365195859818334626078471052990327324008622169936539527600386062109638418865197602800058208022394134272787963653612703516681008660079675388888751349158494609089577725407479205584351969790650358305405827665951625886311271743251834381456253493048705893397141460667986714587381315951028909854600446234964732273252958312484308184937316978935692640456235515324828950495838104784778023273184639045008690240699649911570081674849785949521722117188840210828574141181
  public exponent: 65537
  Validity: [From: Thu Jul 19 14:33:31 CEST 2018,
           To: Sun Jul 16 14:33:31 CEST 2028]
  Issuer: CN=sb2 localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    52083aa1]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EB 73 69 B0 29 5A CA F7   4A 85 F4 64 AD 15 90 B4  .si.)Z..J..d....
0010: 92 88 0E 02                                        ....
]
]
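I googled all day, but I don't get what I'm missing. Do I need to add some step?

When viewing cacerts with KeyStore Explorer, I see that all entry names have [jdk], but my certificate sb2-tomcat is not there.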

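Your certificate has CN (CommonName) "sb2 localhost", but the hostname requested in the URL is "localhost", which does not match. Change your certificate to have the name "localhost", either in the CN or, better, in the SubjectAlternativeNames extension (aka SAN), which, as the error message indicates, Java prefers. Or change your URL to "sb2 localhost", which will be hard because name resolution usually doesn't allow spaces. PS: if the server does not request client authentication, the client keystore is not needed, so if you want to actually use the client keystore, set server.ssl.client-auth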
Yes, that was the problem. I changed it and it worked.
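
The fix described in the answer above, as an added example that is not part of the original thread: generate the self-signed certificate with `localhost` in both the CN and a SAN entry, import it into a trust store, and check both results with keytool. File names, the password and the use of a separate trust store are assumptions; the alias and the host name are the ones on the page.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. File names, the temporary
# directory and the password are constructed placeholders; only the alias
# sb2-tomcat and the host name localhost come from the page.
set -eu
PASS=changeit   # throwaway password for this demo only

# Self-signed server key pair whose CN and SAN match the host in the URL.
make_server_cert() {            # $1 = output directory
  keytool -genkeypair -alias sb2-tomcat -keyalg RSA -keysize 2048 \
    -validity 365 -dname "CN=localhost" \
    -ext "SAN=dns:localhost,ip:127.0.0.1" \
    -keystore "$1/server.keystore" -storepass "$PASS" -keypass "$PASS"
  keytool -exportcert -rfc -alias sb2-tomcat -keystore "$1/server.keystore" \
    -storepass "$PASS" -file "$1/sb2-certificate.crt"
}

# Import the certificate into a dedicated client trust store
# (an assumption here; the question imported into the JDK's cacerts).
import_into_truststore() {      # $1 = directory used above
  keytool -importcert -noprompt -alias sb2-tomcat \
    -file "$1/sb2-certificate.crt" \
    -keystore "$1/client.truststore" -storepass "$PASS"
}

# Succeeds only if the certificate carries the host as a SAN dNSName.
cert_has_dns_san() {            # $1 = certificate file, $2 = host name
  keytool -printcert -file "$1" | grep -q "DNSName: $2\$"
}

# Succeeds only if the alias really landed in the store being inspected.
truststore_has_alias() {        # $1 = trust store, $2 = alias
  keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d)
  make_server_cert "$dir"
  import_into_truststore "$dir"
  cert_has_dns_san "$dir/sb2-certificate.crt" localhost && echo "SAN covers localhost"
  truststore_has_alias "$dir/client.truststore" sb2-tomcat && echo "alias sb2-tomcat is in the trust store"
}

if command -v keytool >/dev/null 2>&1; then demo; else echo "keytool not on PATH" >&2; fi
```

To use a separate trust store like this one, start the client JVM with `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword`. If you import into `cacerts` instead, run the `-list` check against the `cacerts` file of the JRE that actually runs the client.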