WSO2: "peer not authenticated" when logging into publisher or store


When logging into /publisher or /store I get a "Peer not authenticated" error.

To give more context: I created a new keystore, imported its .pem certificate into client-truststore.jks, and finally updated the SSL keystore configuration to use this new keystore, as shown below.

WSO2 log with SSL debugging enabled:

%% Invalidated:  [Session-11, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
http-nio-9443-exec-25, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
http-nio-9443-exec-25, WRITE: TLSv1.2 Alert, length = 2
http-nio-9443-exec-25, called closeSocket()
http-nio-9443-exec-25, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-9443-exec-25, IOException in getSession():  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-nio-9443-exec-45, READ: TLSv1.2 Alert, length = 2
http-nio-9443-exec-45, RECV TLSv1.2 ALERT:  fatal, certificate_unknown
http-nio-9443-exec-45, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-45, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-45, called closeOutbound()
http-nio-9443-exec-45, closeOutboundInternal()
http-nio-9443-exec-45, SEND TLSv1.2 ALERT:  warning, description = close_notify
http-nio-9443-exec-45, WRITE: TLSv1.2 Alert, length = 2

TID: [-1234] [] [2020-03-10 15:03:32,866]  INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} -  Permission cache updated for tenant -1234 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
TID: [-1234] [] [2020-03-10 15:03:32,898]  INFO {org.apache.axis2.transport.http.HTTPSender} -  Unable to sendViaPost to url[https://<serverPublicIP>:9443/services/AuthenticationAdmin] {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
        at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
        at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)

The keytool commands I used:

// Create the keystore
$ keytool -genkey -alias custom -keyalg RSA -keysize 2048 -keystore custom.jks -dname "CN=<myhostdomain>, OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon

// Export the new keystore certificate
$ keytool -export -alias custom -keystore custom.jks -file custom.pem

// Import the new certificate into the client-truststore
$ keytool -import -alias custom -file custom.pem -keystore client-truststore.jks -storepass wso2carbon
Product version:
APIM 2.6 (not using IS as Key Manager, just the stock WSO2 API Manager)
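The keytool steps above are meant to leave client-truststore.jks trusting the new certificate. The Java diagnostic below is added here and is not part of the question: it loads both stores using the file names, alias and password from those commands (assumed to be in the working directory) and runs the JDK's PKIX trust manager against the certificate, the same validator that produced the "PKIX path building failed" line in the SSL debug log.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic, not code from the question: asks the JDK's own PKIX trust manager whether
// the certificate under alias "custom" in custom.jks is accepted by client-truststore.jks.
// File names, alias and password are the ones used in the question's keytool commands.
public class TrustCheck {
    static final char[] PASSWORD = "wso2carbon".toCharArray();

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, PASSWORD); }
        return ks;
    }

    // SHA-256 fingerprint in the colon-separated form that keytool -list -v prints.
    static String fingerprint(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }

    public static void main(String[] args) throws Exception {
        KeyStore trustStore = load("client-truststore.jks");
        X509Certificate serverCert = (X509Certificate) load("custom.jks").getCertificate("custom");
        System.out.println("Server cert: " + serverCert.getSubjectX500Principal());
        System.out.println("SHA-256:     " + fingerprint(serverCert));

        // Does the truststore hold this exact certificate, or only an older one under the same alias?
        for (String alias : Collections.list(trustStore.aliases()))
            if (serverCert.equals(trustStore.getCertificate(alias)))
                System.out.println("Truststore alias '" + alias + "' holds the same certificate");

        // Same validator the handshake in the log used (sun.security.validator.PKIXValidator).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustStore);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        try {
            tm.checkServerTrusted(new X509Certificate[] { serverCert }, "RSA");
            System.out.println("OK: truststore accepts the server certificate");
        } catch (CertificateException e) {
            System.out.println("FAIL, same failure as in the SSL debug log: " + e.getMessage());
        }
    }
}
```

The stack trace in the question shows the exception surfacing inside SSLProtocolSocketFactory.verifyHostName, so once this trust check passes, the host in the URL (here <serverPublicIP>) must also match the certificate's CN or subject alternative name for the login to succeed.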

Reproduced the issue consistently on a clean install. The problem was that I had enabled the H2 database web console in the browser by changing this configuration in carbon.xml (it is commented out):

<H2DatabaseConfiguration>
        <property name="web" />
        <property name="webPort">8082</property>
        <property name="webAllowOthers" />
</H2DatabaseConfiguration>

For some reason this causes the peer not authenticated error when logging into publisher or store.

Comments:

You have to enable SSL debug logs and find the cause, because "peer not authenticated" is a very general error. See

@Bee thank you, will do and update the question with more details.

Looks like the certificate is not properly installed into the client truststore. Can you try again?

@Bee ok, I tried again. Deleted the previous cert/keystore and recreated them, then I restarted the server: unfortunately, same error. I also updated the question with the commands used to create and import the certificate. Do you see anything wrong?

I reinstalled wso2 from scratch and now it works, even after adding the certificate. Not sure which misconfiguration caused this..