Ubuntu中Tomcat7上的JAVA应用程序中的SSL证书错误
[英]SSL Certificate Error in a JAVA application on Tomcat7 in Ubuntu
问题描述
I have created a JAVA Application and have deployed it on Tomcat7 in an Ubuntu 16.04 System. 
我创建了一个JAVA应用程序,并将其部署在Ubuntu 16.04系统的Tomcat7上。 The application hits a request on an https:// but returns the following error: 该应用程序在https://上命中一个请求,但返回以下错误:
java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated java.io.IOException:javax.net.ssl.SSLPeerUnverifiedException:对等方未通过身份验证
I have tried installing the certificate in the JRE used by the system: 我尝试将证书安装在系统使用的JRE中:
tomcat7 3388 1 0 11:07 ? tomcat7 3388 1 0 11:07? 00:00:11 /usr/lib/jvm/default-java/bin/java 00:00:11 / usr / lib / jvm / default-java / bin / java
But i still get the same error. 但是我仍然遇到同样的错误。
I have also installed the certificate in the cacerts.jks keystore and have tried using java 我还在cacerts.jks密钥库中安装了证书,并尝试使用Java
-Djavax.net.ssl.keyStore=/usr/lib/jvm/default-java/jre/lib/security/cacerts.jks -Djavax.net.ssl.keyStorePassword=changeit
But I am still getting the error: 但是我仍然收到错误:
java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
in.pwc.FormHandler.doPost(FormHandler.java:184)
javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
root cause
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:131)
org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:648)
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:623)
org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:115)
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:360)
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:177)
org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:77)
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:95)
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
in.pwc.test.decrypt(test.java:62)
org.apache.jsp.viewAdmin_jsp._jspService(viewAdmin_jsp.java:193)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
in.pwc.FormHandler.doPost(FormHandler.java:184)
javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
I am assuming that my java and tomcat are using some other certificate store but I am unable to find the same. 我假设我的java和tomcat使用其他证书存储,但是我找不到相同的证书。
How can I go about solving this error? 我该如何解决这个错误?
Update: I do not need my application to be https or using SSL the request its makes is an HTTPS request which has to be a verified one as a requirement of the appliance. 更新:我不需要我的应用程序是https或使用SSL,它发出的请求是一个HTTPS请求,该请求必须经过验证才能作为设备的要求。
1 个解决方案
解决方案1
0 2016-11-16 06:50:59
As shown in this answer from another post: 如另一篇文章的答案所示:
If the server's certificate is self-signed, then this is working as designed and you will have to import the server's certificate into your keystore.
Assuming the server certificate is signed by a well-known CA, this is happening because the set of CA certificates available to a modern browser is much larger than the limited set that is shipped with the JDK/JRE.
You must import the proper Root CA into your keystore to validate the certificate.
This will solve your issue, but if you want only a local solution ( that is not useful on production ), you can find some options on this post . 这将解决您的问题,但如果你只想要一个本地的解决方案( 即不生产有用的 ),你可以找到一些这方面的选项后 。
Hope it helps you. 希望对您有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.