Rest SSLPeerUnverifiedException:<主机名> 的证书与证书主题的通用名称不匹配


当我们尝试通过 Zuul 访问受 HTTPS 保护的 REST 端点时,出现以下异常:

2017-10-27 08:26:08.499 DEBUG 15708 --- [http-nio-9092-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : Secure session established 2017-10-27 08:26:08.500 DEBUG 15708 --- [http-nio-9092-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : negotiated protocol: TLSv1.2 2017-10-27 08:26:08.500 DEBUG 15708 --- [http-nio-9092-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 2017-10-27 08:26:08.501 DEBUG 15708 --- [http-nio-9092-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : peer principal: CN=10.xxx.xx.xx, OU=xxx, O=xxx, L=xxx, ST=xx, C=xx 2017-10-27 08:26:08.502 DEBUG 15708 --- [http-nio-9092-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : issuer principal: CN=10.xxx.xx.xx, OU=xxx, O=xxx, L=xxx, ST=xx, C=xx 2017-10-27 08:26:08.516 DEBUG 15708 --- [http-nio-9092-exec-1] o.a.h.conn.ssl.DefaultHostnameVerifier : Certificate for doesn't match common name of the certificate subject: 10.xxx.xx.xx javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match common name of the certificate subject at org.apache.http.conn.ssl.DefaultHostnameVerifier.matchCN(DefaultHostnameVerifier.java:186) at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:133) at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:99) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:463) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) at 
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at org.springframework.cloud.netflix.ribbon.apache.RibbonLoadBalancingHttpClient.execute(RibbonLoadBalancingHttpClient.java:94) at org.springframework.cloud.netflix.ribbon.apache.RibbonLoadBalancingHttpClient.execute(RibbonLoadBalancingHttpClient.java:43) at com.netflix.client.AbstractLoadBalancerAwareClient$1.call(AbstractLoadBalancerAwareClient.java:109) at com.netflix.loadbalancer.reactive.LoadBalancerCommand$3$1.call(LoadBalancerCommand.java:303) at com.netflix.loadbalancer.reactive.LoadBalancerCommand$3$1.call(LoadBalancerCommand.java:287) at rx.internal.util.ScalarSynchronousObservable$3.call(ScalarSynchronousObservable.java:231) at rx.internal.util.ScalarSynchronousObservable$3.call(ScalarSynchronousObservable.java:228) at rx.Observable.unsafeSubscribe(Observable.java:10211) at rx.internal.operators.OnSubscribeConcatMap$ConcatMapSubscriber.drain(OnSubscribeConcatMap.java:286) at rx.internal.operators.OnSubscribeConcatMap$ConcatMapSubscriber.onNext(OnSubscribeConcatMap.java:144) at com.netflix.loadbalancer.reactive.LoadBalancerCommand$1.call(LoadBalancerCommand.java:185) at com.netflix.loadbalancer.reactive.LoadBalancerCommand$1.call(LoadBalancerCommand.java:180) ... 
2017-10-27 08:26:08.499调试15708---[http-nio-9092-exec-1]o.a.h.c.ssl.SSLConnectionSocketFactory:安全会话已建立 2017-10-27 08:26:08.500调试15708---[http-nio-9092-exec-1]o.a.h.c.ssl.SSLConnectionSocketFactory:协商协议:TLSv1.2 2017-10-27 08:26:08.500调试15708---[http-nio-9092-exec-1]o.a.h.c.ssl.SSLConnectionSocketFactory:协商密码套件:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 2017-10-27 08:26:08.501调试15708---[http-nio-9092-exec-1]o.a.h.c.ssl.SSLConnectionSocketFactory:对等主体:CN=10.xxx.xx.xx,OU=xxx,o=xxx,L=xxx,ST=xx,c=xx 2017-10-27 08:26:08.502调试15708---[http-nio-9092-exec-1]o.a.h.c.ssl.SSLConnectionSocketFactory:发行人负责人:CN=10.xxx.xx.xx,OU=xxx,o=xxx,L=xxx,ST=xx,c=xx 2017-10-27 08:26:08.516调试15708---[http-nio-9092-exec-1]o.a.h.conn.ssl.DefaultHostnameVerifier:的证书与证书主题的通用名称不匹配:10.xxx.xx.xx javax.net.ssl.SSLPeerUnverifiedException:的证书与证书主题的通用名称不匹配 位于org.apache.http.conn.ssl.DefaultHostnameVerifier.matchCN(DefaultHostnameVerifier.java:186) 位于org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:133) 位于org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:99) 位于org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:463) 位于org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) 位于org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) 位于org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) 位于org.apache.http.impl.conn.poolghttpclientconnectionmanager.connect(poolghttpclientconnectionmanager.java:359) 位于org.apache.http.impl.execchain.MainClientExec.buildRoute(MainClientExec.java:381) 位于org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) 位于org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) 位于org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) 
位于org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) 位于org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) 在org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) 在org.apache.http.impl.client.CloseableHttpClient.execute上(CloseableHttpClient.java:108) 在org.apache.http.impl.client.CloseableHttpClient.execute上(CloseableHttpClient.java:56) 位于org.springframework.cloud.netflix.ribbon.apache.RibbonLoadBalancingHttpClient.execute(RibbonLoadBalancingHttpClient.java:94) 位于org.springframework.cloud.netflix.ribbon.apache.RibbonLoadBalancingHttpClient.execute(RibbonLoadBalancingHttpClient.java:43) 位于com.netflix.client.AbstractLoadBalancerAwareClient$1.call(AbstractLoadBalancerAwareClient.java:109) 在com.netflix.loadbalancer.reactive.LoadBalancerCommand$3$1.call(LoadBalancerCommand.java:303) 在com.netflix.loadbalancer.reactive.LoadBalancerCommand$3$1.call(LoadBalancerCommand.java:287) 在rx.internal.util.ScalarSynchronousObservable$3.call(ScalarSynchronousObservable.java:231) 在rx.internal.util.ScalarSynchronousObservable$3.call(ScalarSynchronousObservable.java:228) at rx.Observable.unsafeSubscribe(Observable.java:10211) 在rx.internal.operators.onSubscribeCatMap$ConcatMapSubscriber.drain(onSubscribeCatMap.java:286) 在rx.internal.operators.onSubscribeCatMap$ConcatMapSubscriber.onNext(onSubscribeCatMap.java:144) 在com.netflix.loadbalancer.reactive.LoadBalancerCommand$1.call(LoadBalancerCommand.java:185)上 在com.netflix.loadbalancer.reactive.LoadBalancerCommand$1.call(LoadBalancerCommand.java:180) ... 服务通过POST请求向eureka注册。请找到下面的示例POST请求

spring:
  application:
    name: gateway
server:
  port: 9092
  ssl:
    enabled: true
    clientAuth: want
    key-store: classpath:keystore.jks
    key-store-password: password
    key-password: password
    key-alias: xxxx
eureka:
  instance:
    nonSecurePortEnabled: false
    securePortEnabled: true
  client:
    serviceUrl:
      defaultZone: ${EUREKA_URI:http://localhost:8761/eureka}
    registry-fetch-interval-seconds: 15
    register-with-eureka: true
    fetch-registry: true
    heartbeat-executor-thread-pool-size: 5
    eureka-service-url-poll-interval-seconds: 10
zuul:
  prefix: /tree
  routes:
    serv:
      path: /cxf/**
      strip-prefix: false
      serviceId: serv
ribbon:
  IsSecure: true
  IsHostnameValidationRequired: false

(注意:上面的配置设置了 `IsHostnameValidationRequired: false`,但前面的堆栈显示 Apache HttpClient 的 DefaultHostnameVerifier 仍然执行了主机名校验并抛出了异常。)

服务通过POST请求向eureka注册。请找到下面的示例POST请求

{ "instance": { "hostName": "xxx", "app": "appname", "vipAddress": "appname", "secureVipAddress": "appname", "ipAddr": "10.xxx.xx.xxx", "status": "UP", "port": {"$": "8181", "@enabled": "true"}, "securePort": {"$": "8443", "@enabled": "true"}, "healthCheckUrl": "http://localhost:8000/cat", "statusPageUrl": "http://localhost:8000/cat", "homePageUrl": "http://localhost:8000/cat", "dataCenterInfo": { "@class": "com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo", "name": "MyOwn" } } { “实例”:{ “主机名”:“xxx”, “应用程序”:“应用程序名称”, “vipAddress”:“appname”, “secureVipAddress”:“appname”, “ipAddr”:“10.xxx.xx.xxx”, “状态”:“向上”, “端口”:{“$”:“8181”,“@enabled”:“true”}, “securePort”:{“$”:“8443”,“@enabled”:“true”}, “healthCheckUrl”:http://localhost:8000/cat", “statusPageUrl”:http://localhost:8000/cat", “主页URL”:http://localhost:8000/cat", “数据中心信息”:{ “@class”:“com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo”, “名称”:“MyOwn” } } 如果我用上面zuul c中相应的url替换serviceId
# Zuul gateway configuration: serves HTTPS itself, registers its secure port
# with Eureka, and forwards /employee/** (under the /service prefix) to the
# Eureka service id `producer` over HTTPS through Ribbon.
spring:
  application:
    name: gateway
server:
  port: 8443
  ssl:
    enabled: true
    key-store: classpath:serverkeystore.p12
    # NOTE(review): the key-store password is a literal in this file. Anyone who
    # can read the config (or the repository it lives in) can open the keystore
    # and its private key; prefer a ${...} placeholder resolved from the
    # environment or a secret store, as defaultZone below already does.
    key-store-password: server
    key-alias: serverkey
eureka:
  instance:
    # Advertise only the HTTPS port to the registry; the plain-HTTP port is
    # marked disabled so clients are not pointed at it.
    securePort: ${server.port}
    nonSecurePortEnabled: false
    securePortEnabled: true
    # Heartbeat every 7 s; the lease is dropped after 9 s without a renewal.
    leaseRenewalIntervalInSeconds: 7
    leaseExpirationDurationInSeconds: 9
  client:
    serviceUrl:
      # NOTE(review): the fallback registry URL is plain http://, so registry
      # traffic is neither encrypted nor authenticated unless EUREKA_URI
      # overrides it with an https:// URL. The registry decides where the
      # gateway sends requests, so its integrity matters.
      # NOTE(review): `localhost.com` is not the loopback name `localhost`;
      # presumably it is mapped locally (hosts file) - confirm, otherwise it
      # resolves through public DNS.
      defaultZone: ${EUREKA_URI:http://localhost.com:8761/eureka/}
    registry-fetch-interval-seconds: 5
    register-with-eureka: true
    fetch-registry: true
    heartbeat-executor-thread-pool-size: 5
    eureka-service-url-poll-interval-seconds: 10
zuul:
  prefix: /service
  routes:
    producer:
      path: /employee/**
      strip-prefix: false
      serviceId: producer
ribbon:
  # Ribbon calls the routed service over HTTPS. This file sets no
  # IsHostnameValidationRequired override, so hostname verification is not
  # switched off here; presumably the backend certificate's SAN/CN then has to
  # match the host name the instance registers in Eureka - confirm.
  IsSecure: true
logging:
 file: logs/gateway.log
 level.root: INFO
 level.com.fujitsu.fnc.sdnfw.msvc: DEBUG