IBM Liberty和Cloudant之间的SSL握手失败
我正在用https运行IBMLiberty服务器(在IBM容器上),并带有自签名证书(在server.xml中描述) 我正在连接到IBMCloudAnt数据库以满足数据库的需要。在我将liberty服务器切换到https之前,一切正常。我得到以下例外IBM Liberty和Cloudant之间的SSL握手失败,ssl,ssl-certificate,ibm-cloud,websphere-liberty,cloudant,Ssl,Ssl Certificate,Ibm Cloud,Websphere Liberty,Cloudant,我正在用https运行IBMLiberty服务器(在IBM容器上),并带有自签名证书(在server.xml中描述) 我正在连接到IBMCloudAnt数据库以满足数据库的需要。在我将liberty服务器切换到https之前,一切正常。我得到以下例外 [ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=M
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
非常感谢您的帮助。请尝试:openssl s_客户端-连接xxxxx-bluemix.cloudant.com:443,其中xxxxx-bluemix.cloudant.com指的是您的bluemix cloudant服务实例
您可以通过从Cloudant服务实例启动Bluemix中的Cloudant仪表板来获取服务实例域。单击右上角的API选项卡。我很晚才意识到这个错误,但这有助于解决问题。
cloudant.combluemix.cloudant.comxxxxx-bluemix.cloudant.comxxxxx-bluemix.cloudant.com/opt/ibm/wlp/output/defaultServer/resources/security/key.jkssecurityUtility createSSLCertificate