Security 使用t3s weblogic的SSLHandshakeException_Security_Ssl_Rmi_Weblogic12c

Security 使用t3s weblogic的SSLHandshakeException

security ssl

Security 使用t3s weblogic的SSLHandshakeException,security,ssl,rmi,weblogic12c,Security,Ssl,Rmi,Weblogic12c,我已经完成了t3s设置和配置。现在当我试着打电话时，发现下面有异常。请帮帮我你尝试过上面提到的url吗以及以下根据例外情况： [java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance.

我已经完成了t3s设置和配置。现在当我试着打电话时，发现下面有异常。请帮帮我

你尝试过上面提到的url吗

以及以下根据

例外情况：

[java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>   
[java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>   
[java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.>   
[java]   
[java] TYPE_PARAM = ERROR  
[java] CODE_PARAM = null  
[java] MESSAGE_PARAM = null  
[java]   
[java]  
[java] at junit.extensions.jfunc.SALQATestCase.runBare(SALQATestCase.java:111)  
[java] at junit.extensions.jfunc.SALQATestCase$1.protect(SALQATestCase.java:96)  
[java] at junit.framework.TestResult.runProtected(TestResult.java:124)  
[java] at junit.extensions.jfunc.SALQATestCase.run(SALQATestCase.java:99)  
[java] at junit.framework.TestSuite.runTest(TestSuite.java:208)  
[java] at junit.framework.TestSuite.run(TestSuite.java:203)  
[java] at junit.extensions.jfunc.textui.SALQARunner.doRun(SALQARunner.java:69)  
[java] at junit.extensions.jfunc.textui.SALQARunner.run(SALQARunner.java:314)  
[java]  Caused by: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://xxxxxxxxxx.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:   
[java] javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]  
[java] at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)  
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:808)  
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363)  
[java] at weblogic.jndi.Environment.getContext(Environment.java:319)  
[java] at weblogic.jndi.Environment.getContext(Environment.java:288)  
[java] at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)  
[java] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)  
[java] at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)  
[java] at javax.naming.InitialContext.init(InitialContext.java:223)  
[java] at javax.naming.InitialContext.<init>(InitialContext.java:197)  
[java]  
[java] Caused by: java.net.ConnectException: t3s://xxxxxxxxxx.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:   
[java] javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination  
[java] at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)  
[java] at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)  
[java] at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:165)  
[java] at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:342)  
[java] at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)  
[java] at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)  
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:337)  
[java] ... 21 more  
[java] Caused by: java.rmi.ConnectException: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:   
[java] javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination  
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:490)  
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:328)  
[java] at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:267)  
[java] at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:204)  
[java] at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)  
[java] at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)

它说，您得到的错误不是SSLHandshake错误

“java.net.ConnectException:t3s://xxxxxxxxx.com:7002:Destination xx.xx.xx.xx，7002无法访问”

1）检查您提供的url

2）在该

DNS

端口上进行远程登录

3）确保没有防火墙阻止请求

4）如果7002是管理服务器的端口（我假设域中只有一台服务器），则尝试访问

https://DNS:7002/console

并首先查看加载是否正常。

SSL错误通常会产生误导。SSLHandshakeException通常是一个证书问题（SSL连接无法验证为可信）

您的服务器可能使用自签名证书进行签名，通常需要将自签名证书添加到您的cacerts密钥库中，以允许SSL信任它。i、例如，您需要将来自Weblogic服务器的SSL证书添加到JDK/JRE密钥库。请参阅此问题的答案：

如果您使用的是UNIX，则上面链接中的命令将按原样工作。如果您在windows上，您需要的所有UNIX实用程序（openssl、sed）都会秘密包含在GIT的安装中，或者您可以使用cygwin。我所要做的就是使用openssl获取证书，然后使用keytool（JDK的一部分）将其添加到我的JDK的cacerts文件中。（%JAVA\u HOME%\jre\lib\security\cacerts）

注意：如果将证书导入到~/.keystore文件（在windows上：%userprofile%.keystore），它仍将失败，但可能会出现不同的异常：

javax.net.ssl.SSLHandshakeException：一般的SSLEngine问题；没有到目标的可用路由器

一旦成功连接，它将如下所示：

Connecting to t3s://*********:7001 with userid ********...
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.>
Successfully connected to Admin Server "AdminServer" that belongs to domain "******".

连接到t3s://********:7001，用户ID为********。。。
已成功连接到属于域“******”的管理服务器“AdminServer”。

另一篇关于检索和添加SSL密钥（通过java）的相关文章：

看起来Weblogic在抛出ConnectException时抛出了一个完全不合适的SSLHandshakeException，但您不明白“目标不可到达”的哪一部分？netstat-tulpn | grep:7002被列为LISTEN。对不对？

$ netstat -tulpn | grep :7002
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp        0      0 xxxxxxxxxxxxxxxxxxxxxx:7002 :::*                        LISTEN      25657/java
tcp        0      0 ::xxxx:127.0.0.1:7002       :::*                        LISTEN      25657/java
tcp        0      0 xxxx::xxxxxxxxxxxxxxxx:7002 :::*                        LISTEN      25657/java
tcp        0      0 ::xxxx:xx.xxx.xx.xx:7002  :::*                        LISTEN      25657/java

Connecting to t3s://*********:7001 with userid ********...
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.>
Successfully connected to Admin Server "AdminServer" that belongs to domain "******".