Java SSL client certificate authentication with Apache HttpClient


Setup: I have generated self-signed server and client certificates.

Added the root certificate to the truststore cacert.jks. Added the server certificate to the keystore keystore.jks. Added the Tomcat configuration correctly (the browser works fine).

Have a separate keystore client.jks for a sample GET request, based on:

Problem: If I point the browser at localhost:8443 I get the error: ssl_error_bad_cert_alert. After adding the .p12 certificate to Firefox/Chrome I can load the default page, and it lets me choose interactively which certificate to send.

However, the Java client call fails with:

main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 231, 55, 193, 12, 126, 106, 78, 235, 72, 209, 1, 113 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, waiting for close_notify or alert: state 1
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, bad_certificate
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, called closeSocket()
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I am not sure whether a certificate is being sent at all:

*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<EMAILADDRESS=ca@xxx.in, CN=CA Admin, OU=CA, O=local in da house, L=Bangalore, ST=Karnataka, C=IN>
*** ServerHelloDone
*** Certificate chain
***
*** ECDHClientKeyExchange
ECDH Public value:  { ...}
main, WRITE: TLSv1 Handshake, length = 77
Am I sending the right certificate (client.jks has only one certificate), or is anything being sent at all? Is there a way to override which client certificate is sent, or to send all of them?

Edit: adding the server debug log:

*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<EMAILADDRESS=caadmin@caboss.org, CN=caadmin, OU=ca, O=CA Boss, L=bangalore, ST=KA, C=IN>
*** ServerHelloDone
http-bio-8443-exec-1, WRITE: TLSv1 Handshake, length = 1476
http-bio-8443-exec-1, READ: TLSv1 Handshake, length = 77
*** Certificate chain
***
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
http-bio-8443-exec-1, SEND TLSv1 ALERT:  fatal, description = bad_certificate
http-bio-8443-exec-1, WRITE: TLSv1 Alert, length = 2
http-bio-8443-exec-1, called closeSocket()
http-bio-8443-exec-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
http-bio-8443-exec-1, IOException in getSession():  javax.net.ssl.SSLHandshakeException: null cert chain
http-bio-8443-exec-1, called close()
http-bio-8443-exec-1, called closeInternal(true)
Edit: posting the client debug log after the changes:

*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<EMAILADDRESS=caadmin@caboss.org, CN=caadmin, OU=ca, O=CA Boss, L=bangalore, ST=KA, C=IN>
[read] MD5 and SHA1 hashes:  len = 145
0000: 0D 00 00 8D 03 01 02 40   00 87 00 85 30 81 82 31  .......@....0..1
0010: 0B 30 09 06 03 55 04 06   13 02 49 4E 31 0B 30 09  .0...U....IN1.0.
0020: 06 03 55 04 08 0C 02 4B   41 31 12 30 10 06 03 55  ..U....KA1.0...U
0030: 04 07 0C 09 62 61 6E 67   61 6C 6F 72 65 31 10 30  ....bangalore1.0
0040: 0E 06 03 55 04 0A 0C 07   43 41 20 42 6F 73 73 31  ...U....CA Boss1
0050: 0B 30 09 06 03 55 04 0B   0C 02 63 61 31 10 30 0E  .0...U....ca1.0.
0060: 06 03 55 04 03 0C 07 63   61 61 64 6D 69 6E 31 21  ..U....caadmin1!
0070: 30 1F 06 09 2A 86 48 86   F7 0D 01 09 01 16 12 63  0...*.H........c
0080: 61 61 64 6D 69 6E 40 63   61 62 6F 73 73 2E 6F 72  aadmin@caboss.or
0090: 67                                                 g
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
matching alias: client
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: EMAILADDRESS=client@clientboss.org, CN=client, OU=clientboss, O=client boss, L=bng, ST=ka, C=in
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 28632453992003431308915057706872593510827517481645176167926299596175388758364475388282973862780043525858628044314596282467149011086426793445608130577955324107891088141707834114383829274495458679055679534162696112905173150434463742848918480552822337987796140398151985164856125750513570841056135410235400373584276647404249334190718247108789459533624236506201184258830704869791048114520941758364485115072957575259760369673257402633308683304933495211104494746578922374021151983094620317725008850265643603908594096873957992013696420211357274147343040148174076085536080587875591891218216008897086438638059125110840536055577
  public exponent: 65537
  Validity: [From: Tue May 27 15:58:23 IST 2014,
               To: Wed May 27 15:58:23 IST 2015]
  Issuer: EMAILADDRESS=caadmin@caboss.org, CN=caadmin, OU=ca, O=CA Boss, L=bangalore, ST=KA, C=IN
  SerialNumber: [    04]
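As an added example (not code from the question, and not Apache HttpClient's own sample code), here is how the client side of this setup is normally wired up, plus a pre-flight check for the symptom in the logs: the client log's empty "*** Certificate chain" block is what the server reports as "null cert chain", and it happens when the JSSE key manager finds no private-key entry in client.jks whose certificate is issued by one of the CA names listed in the server's CertificateRequest. The helper preflightClientAlias asks the key manager the same question offline, before any connection is made. Assumptions: the keystore files client.jks and cacert.jks sit in the working directory, both use the password "changeit", the CA DN is copied from the CertificateRequest in the log, and Apache HttpClient 4.3 or later is on the classpath.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class MutualTlsClient {

    // Load a JKS keystore from disk (path and password are assumptions for this example).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Pre-flight: ask the key manager which alias it would send for the CA names the
    // server advertises in CertificateRequest. null means an empty Certificate message
    // will go on the wire, which a JSSE server with clientAuth="true" rejects as
    // "null cert chain" / bad_certificate. Helper name is ours, not a JSSE API.
    static String preflightClientAlias(KeyManagerFactory kmf, String... issuerDns) {
        Principal[] issuers = new Principal[issuerDns.length];
        for (int i = 0; i < issuerDns.length; i++) {
            issuers[i] = new X500Principal(issuerDns[i]);
        }
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                X509KeyManager x = (X509KeyManager) km;
                // Same call JSSE makes during the handshake; socket may be null here.
                String alias = x.chooseClientAlias(new String[] {"RSA", "EC"}, issuers, (Socket) null);
                if (alias != null) {
                    X509Certificate[] chain = x.getCertificateChain(alias);
                    System.out.println("would send alias '" + alias + "', chain length " + chain.length
                            + ", leaf issuer " + chain[0].getIssuerX500Principal());
                }
                return alias;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();            // assumed password
        KeyStore clientKs = load("client.jks", pw);       // must hold a PrivateKeyEntry, not just a trusted cert
        KeyStore trustKs = load("cacert.jks", pw);        // CA that signed the server certificate

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKs, pw);                            // second argument is the key (entry) password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustKs);

        // CA DN copied from the CertificateRequest in the question's debug log.
        String alias = preflightClientAlias(kmf,
                "EMAILADDRESS=caadmin@caboss.org, CN=caadmin, OU=ca, O=CA Boss, L=bangalore, ST=KA, C=IN");
        if (alias == null) {
            System.err.println("no private-key entry in client.jks is issued by the server's CA list; "
                    + "the handshake would send an empty certificate chain");
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Hand the context to HttpClient; hostname verification stays at its default.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(ctx);
        try (CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(sslsf).build();
             CloseableHttpResponse resp = client.execute(new HttpGet("https://localhost:8443/"))) {
            System.out.println(resp.getStatusLine());
            System.out.println(EntityUtils.toString(resp.getEntity()));
        }
    }
}
```

Run it with -Djavax.net.debug=ssl to get the same "matching alias" / "*** Certificate chain" lines as in the question. For the server to accept the chain, the CA that issued the client certificate must also be in the server's truststore; the key manager only matches on issuer names, so a client certificate whose issuer does not appear in the server's CertificateRequest list is never offered, and a trusted-certificate-only entry (no private key) in client.jks is never chosen either.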

Did you add the root certificate to the server's cacerts.jks or to the client's cacerts.jks? Which root certificate are you talking about? Did you add the server's self-signed certificate to the server's keystore.jks on the server (localhost) or to the client's keystore.jks?

I have a self-created CA root certificate CA.crt in cacerts.jks and a self-signed server certificate in keystore.jks. On the client I only have a self-signed client certificate in Client.jks.

I am running into the same problem, can you help me solve it?