How to configure WSO2 ESB SSL access with HostnameVerifier AllowAll


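I've been struggling with the configuration of WSO2 ESB for several days while trying to access an https web service. I've followed many suggestions, and what I've done so far is:

- imported the web service client certificate into client-truststore.jks in repository/resources/security
- added the proxy access parameters to repository/conf/axis2/axis2.xml (because the ESB is behind a corporate firewall)
- added the AllowAll parameter to the https transportSender in axis2.xml
- restarted the ESB

but I still get the exception: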

http-nio-9443-exec-50, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
http-nio-9443-exec-50, WRITE: TLSv1 Alert, length = 2
http-nio-9443-exec-50, called closeSocket()
http-nio-9443-exec-50, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching my.domain.com found
http-nio-9443-exec-50, WRITE: TLSv1 Application Data, length = 1
http-nio-9443-exec-50, WRITE: TLSv1 Application Data, length = 154
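
I'm using jdk1.6_34 and have tried WSO2 ESB 4.5.1 and 4.6 with the same result. The log shows the SSL handshake starting but then ending with the error above. All my Google searches suggest the HostnameVerifier parameter should work, but it obviously doesn't. Should I configure this parameter somewhere else, or is it being overridden elsewhere? I've run out of options and places to look.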

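Edit: I made another attempt. By setting the hostname in the hosts file to the CN specified in the client certificate, I can now get further, but I now hit another error that I can't make sense of. The specific error is "... no IV used for this cipher", but the debug trace is: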

Found trusted certificate:
[
[
Version: V1
Subject: CN=mydomain.com, O=my o, ST=INTERFACES, C=GB
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key:  Sun RSA public key, 1024 bits
   modulus:#### loads of numbers here ####
public exponent: 65537
Validity: [From: Mon Apr 22 14:26:25 BST 2013,
           To: Tue Apr 22 14:26:25 BST 2014]
Issuer: CN=ath-st2-API-a, O=Northgate IS, ST=INTERFACES, C=GB
SerialNumber: [    a4cf31a6 9c0d920d]

]
Algorithm: [SHA1withRSA]
Signature:
### signature here ###
]
http-nio-9443-exec-13, READ: SSLv3 Handshake, length = 98
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=mydomain.com, O=my o, ST=INTERFACES, C=GB>
*** ServerHelloDone
http-nio-9443-exec-13, SEND SSLv3 ALERT:  warning, description = no_certificate
http-nio-9443-exec-13, WRITE: SSLv3 Alert, length = 2
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
http-nio-9443-exec-13, WRITE: SSLv3 Handshake, length = 132
SESSION KEYGEN:
PreMaster Secret:
###master secret here ####
CONNECTION KEYGEN:
Client Nonce:
0000: 52 45 86 22 10 B0 E2 EF   19 10 B1 04 ED C9 6F B0  RE."..........o.
0010: C3 8E BC D6 2C C9 5E D0   CA 8E 88 6B 22 53 1D B0  ....,.^....k"S..
Server Nonce:
0000: 52 45 86 23 B0 56 30 EC   84 F0 48 C1 F7 31 0C 5C  RE.#.V0...H..1.\
0010: 43 B3 CB 25 DA 19 4C 0E   B1 71 CB 17 8E 0C 62 04  C..%..L..q....b.
Master Secret:
0000: C3 F4 6B 9B EB 50 67 BD   6C A8 F0 63 88 A1 5A C7  ..k..Pg.l..c..Z.
0010: E5 CD A4 9A 46 95 3F B3   13 2D 4E BF 77 2C 64 86  ....F.?..-N.w,d.
0020: 44 D2 89 B5 09 EE 96 E5   8B 8D E2 30 04 09 F2 D3  D..........0....
Client MAC write Secret:
0000: F7 76 83 C9 16 F5 CB 33   E3 43 3F 7B 68 2E 8A 6F  .v.....3.C?.h..o
Server MAC write Secret:
0000: CC FB 14 CE 21 AD C8 BC   20 C1 A5 2B 0B 2B 83 35  ....!... ..+.+.5
Client write key:
0000: 9C 9E FA A5 68 6E 27 2C   E0 6E 80 9D ED C9 1C 01  ....hn',.n......
Server write key:
0000: B7 5A 24 DD 6F 65 5A 7E   C8 AD 4A 29 E4 09 08 6D  .Z$.oeZ...J)...m
... no IV used for this cipher
http-nio-9443-exec-13, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 174, 247, 182, 190, 5, 104, 242, 127, 216, 79, 94, 15, 215, 236, 236,   211, 30, 51, 116, 56, 138, 144, 19, 125, 0, 54, 52, 114, 173, 138, 170, 166, 24, 67, 108, 102 }
***
http-nio-9443-exec-13, WRITE: SSLv3 Handshake, length = 56
http-nio-9443-exec-13, READ: SSLv3 Alert, length = 2
http-nio-9443-exec-13, RECV SSLv3 ALERT:  fatal, handshake_failure
http-nio-9443-exec-13, called closeSocket()
http-nio-9443-exec-13, handling exception: javax.net.ssl.SSLHandshakeException:     Received fatal alert
: handshake_failure
http-nio-9443-exec-13, WRITE: TLSv1 Application Data, length = 1
http-nio-9443-exec-13, WRITE: TLSv1 Application Data, length = 154
http-nio-9443-ClientPoller-0, called closeOutbound()
http-nio-9443-ClientPoller-0, closeOutboundInternal()
http-nio-9443-ClientPoller-0, SEND TLSv1 ALERT:  warning, description = close_notify
http-nio-9443-ClientPoller-0, WRITE: TLSv1 Alert, length = 32
Finalizer, called close()
Finalizer, called closeInternal(true)

I have tried passing https.protocols=SSLv3,SSLv2Hello or https.protocols=SSLv3 to the https sender transport in the axis2 configuration file, but this didn't help either.

Suggestions are welcome. Thanks,
Conrad

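Comment: Check whether the certificate was issued for the same domain?

Reply: The CN entry of the certificate is not the same, so I accept that this is why I'm getting the error. I have no control over the certificate, which is why I'm trying to get the apparently documented solution of using HostnameVerifier to work.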
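
Added example, not part of the original post: a small Python triage over JSSE javax.net.debug output that flags the two failure points visible in the traces above, namely the hostname mismatch and the server's CertificateRequest answered with no_certificate before the fatal handshake_failure. The function name, the finding labels and the condensed sample trace are constructed for illustration.

```python
import re

# Constructed sample: lines condensed from the two JSSE debug traces in the question.
SAMPLE_TRACE = """\
http-nio-9443-exec-50, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
http-nio-9443-exec-50, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching my.domain.com found
http-nio-9443-exec-13, READ: SSLv3 Handshake, length = 98
*** CertificateRequest
*** ServerHelloDone
http-nio-9443-exec-13, SEND SSLv3 ALERT:  warning, description = no_certificate
http-nio-9443-exec-13, RECV SSLv3 ALERT:  fatal, handshake_failure
http-nio-9443-exec-13, called closeSocket()
"""

ALERT = re.compile(r"^[^,]+, (SEND|RECV) (\S+) ALERT:\s+(\w+), (?:description = )?(\w+)")
MISMATCH = re.compile(r"CertificateException: No name matching (\S+) found")

def triage(trace):
    """Return (finding, detail) tuples in the order they appear in the trace."""
    findings, cert_requested, no_cert_sent = [], False, False
    for line in trace.splitlines():
        m = MISMATCH.search(line)
        if m:
            # The certificate's names do not cover the host being contacted.
            findings.append(("hostname_mismatch", m.group(1)))
        if line.startswith("*** CertificateRequest"):
            cert_requested = True
        elif line.endswith("called closeSocket()"):
            cert_requested = no_cert_sent = False  # handshake over, reset state
        a = ALERT.match(line)
        if not a:
            continue
        direction, proto, level, desc = a.groups()
        if proto == "SSLv3" and ("legacy_protocol", proto) not in findings:
            findings.append(("legacy_protocol", proto))
        if direction == "SEND" and desc == "no_certificate" and cert_requested:
            no_cert_sent = True
        elif direction == "RECV" and level == "fatal" and no_cert_sent:
            # Sequence consistent with a server that wanted a client certificate
            # the client did not present; check the sender's keystore contents.
            findings.append(("client_cert_not_sent", desc))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

The state tracking is global rather than per thread, because the `***` handshake lines in this debug format carry no thread name; feed it one connection's trace at a time.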