为什么在Ubuntu环境中Mule-ESB不使用默认的Java密钥库?
[英]Why does Mule-ESB in an Ubuntu environment not use the default Java key store?
问题描述
This question may be Java related or it may be Mule related. 
这个问题可能与Java有关,也可能与Mule有关。 I just don't know, which is why I'm asking it under both tags. 我只是不知道,这就是为什么我要在两个标签下都询问它。
My problem is this: I develop Mule applications using Mule Studio (although I do most of my configuring through XML, it's just more powerful). 我的问题是:我使用Mule Studio开发Mule应用程序(尽管我大部分都是通过XML进行配置,但功能更强大)。 Until recently, we used a Windows environment to host applications. 直到最近,我们还使用Windows环境托管应用程序。 So whatever worked on my development machine worked on the server. 因此,无论在我的开发机器上工作的是在服务器上工作的。
However, we recently switched from a Windows to an Ubuntu server environment. 但是,我们最近从Windows切换到Ubuntu服务器环境。 When I started migrating my Mule applications I noticed that it simply refused to connect to any endpoint over the HTTPS protocol. 当我开始迁移我的Mule应用程序时,我注意到它只是拒绝通过HTTPS协议连接到任何端点。 A little research showed that the following exception occured: 少量研究表明,发生了以下异常:
subject/issuer name chaining check failed (java.security.cert.CertPathValidatorException)
So a certificate problem. 所以证书问题。 It shouldn't occur, because the endpoint uses a valid certificate signed by VeriSign. 它不应该发生,因为端点使用了VeriSign签名的有效证书。 Futhermore, it never occured in the Windows environment. 此外,它从未在Windows环境中发生过。 A little trial and error showed that not a single certificate was being accepted by Mule. 稍作尝试后发现Mule没有接受任何证书。 That would seem to point at Mule or Java since it doesn't seem to be able to use any of the default certificates. 这似乎指向Mule 或 Java,因为它似乎无法使用任何默认证书。 I managed to fix it by creating a key store containing all certificates and having my HTTPS connector reference that, but it means changing all my applications and having to scrape together every single certificate. 我设法通过创建一个包含所有证书的密钥存储并用我的HTTPS连接器引用来解决此问题,但这意味着更改我的所有应用程序,并且必须将每个证书都拼凑在一起。
So my question is twofold: 所以我的问题是双重的:
- Why can't Java/Mule use the default key store? 为什么Java / Mule无法使用默认密钥存储区?
- How do I fix it? 我如何解决它?
EDIT + ANSWER: I've fixed it. 编辑+答案:我已修复它。 It seems to have been my own mistake. 这似乎是我自己的错误。 I installed Java 1.6 after I installed Java 1.7. 在安装Java 1.7之后,我安装了Java 1.6。 This seemed to have rolled my cacerts back to some ancient version which the system was unable to update. 这似乎使我的证书回到了系统无法更新的某个古老版本。 When I installed Java 1.6 and installed Java 1.7 after that, the most recent version got installed. 当我安装Java 1.6并在此之后安装Java 1.7时,就安装了最新版本。
1 个解决方案
解决方案1
0 已采纳 2014-01-15 10:03:31
I've fixed it. 我已经解决了。 It seems to have been my own mistake. 这似乎是我自己的错误。 I installed Java 1.6 after I installed Java 1.7. 在安装Java 1.7之后,我安装了Java 1.6。 This seemed to have rolled my cacerts back to some ancient version which the system was unable to update. 这似乎使我的证书回到了系统无法更新的某个古老版本。 When I installed Java 1.6 and installed Java 1.7 after that, the most recent version got installed. 当我安装Java 1.6并在此之后安装Java 1.7时,就安装了最新版本。
So the lesson learned in this: do not install an older JRE after a newer one. 因此,我们从中吸取了教训:不要在较新的JRE之后安装较旧的JRE。 Mule does not like it. ule子不喜欢它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.