[英]EJBCA how create keystore for communication between webservice and java code (wsdl exception)
i have installed ejbca with jboss on a ubuntu server. 我已经在ubuntu服务器上用jboss安装了ejbca。 The version of jboss is 5.1.0.GA, while the version of ejbca is 4_0_10.
jboss的版本是5.1.0.GA,而ejbca的版本是4_0_10。 Now i would use ejbca function in my java project (eclipse) so I implemented the following code:
现在,我将在Java项目(Eclipse)中使用ejbca函数,因此实现了以下代码:
CryptoProviderTools.installBCProvider();
String urlstr = "https://EJBCA.cloud:8443/ejbca/ejbcaws/ejbcaws?wsdl";
System.setProperty("javax.net.ssl.trustStore","C:\\Users\\PcEclipse.jks");
System.setProperty("javax.net.ssl.trustStorePassword","Prova");
System.setProperty("javax.net.ssl.keyStore","C:\\Users\\PcEclipse.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "Prova");
QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
EjbcaWSService service = null;
try {
service = new EjbcaWSService(new URL(urlstr),qname);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
System.out.println("errore nell'url");
}
EjbcaWS ejbcaraws = service.getEjbcaWSPort();
but i have the exception 但我有例外
Exception in thread "main" javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://EJBCA.cloud:8443/ejbca/ejbcaws/ejbcaws?wsdl. It failed with:
Got java.security.cert.CertificateException: No name matching EJBCA.cloud found while opening stream from https://EJBCA.cloud:8443/ejbca/ejbcaws/ejbcaws?wsdl.
The keystore is generated with ejbca web ui creating a new endentity ed create a keystore in jks extension. 密钥库是使用ejbca Web ui生成的,它在jks扩展中创建了一个新的endedity ed和一个密钥库。 This is a problem of keystore?How i can create the correct keystore/truststore?
这是密钥库的问题吗?我如何创建正确的密钥库/信任库? Thanks
谢谢
I have generated a new keystore and truststore but now the error is: 我生成了一个新的密钥库和信任库,但是现在的错误是:
Caused by: java.security.UnrecoverableKeyException: Password must not be null
I was experiencing the same issue as you. 我遇到了与您相同的问题。 In my case the cert CN did seem to match the server domain name so I couldn't work out why it wasn't working.
在我的情况下,cert CN似乎与服务器域名匹配,因此我无法弄清为什么它不起作用。
I've not yet found an solution however I was able to confirm I wasn't going insane using the following code snippet which allowed me to compare the server and cert hostname values. 我还没有找到解决方案,但是我可以使用以下代码片段确认我不会发疯,该代码片段使我可以比较服务器和证书主机名的值。 It will also allow you to ignore the host validation by returning true.
它还将允许您通过返回true来忽略主机验证。
But note that the validation is no longer taking place and this is a security control that is now being bypassed. 但是请注意,验证不再进行,并且这是一个安全控制,现在已被绕过。
I can't take credit for the code snippet, albeit simple I found it online but can't recall the source. 尽管我在网上找到了该代码段,但是却记不清源代码,因此我无法相信该代码段。
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. "
+ session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.