PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target
I am using WSO2 API manager and keycloak servers for API gateway and user authentication. Both are running on Openshift 3.11. On the browser, while trying to redirect to a store page on wso2 apim, I am getting the error below. Also, I am using a self-signed certificate generated using keytool for both the servers and it is also imported into JVM cacerts respectively. Open JDK version is 1.8.
ERROR - WebAppManager org.mozilla.javascript.WrappedException: Wrapped javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (/store/jagg/jaggery_oidc_acs.jag#39)
I am getting fatal Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown in the ssl logs
SSL Trace
WSO2 api manager serverlogs
*** ClientHello, TLSv1.2
RandomCookie: GMT: -779209738 bytes = { 34, 29, 203, 199, 214, 88, 147, 174, 199, 184, 79, 68, 86, 150, 221, 45, 65, 169, 84, 10, 255, 155, 151, 74, 102, 245, 103, 39 }
Session ID: {42, 139, 29, 172, 52, 46, 203, 207, 29, 65, 141, 230, 125, 206, 41, 206, 87, 139, 101, 118, 40, 54, 120, 240, 148, 225, 222, 95, 130, 19, 238, 225}
Cipher Suites: [Unknown 0xa:0xa, Unknown 0x13:0x1, Unknown 0x13:0x2, Unknown 0x13:0x3, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Unsupported extension type_43690, data:
Extension server_name, server_name: [type=host_name (0), value=wso2carbon-customwso2.10.100.90.136.nip.io]
Unsupported extension type_23, data:
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {unknown curve 10794, unknown curve 29, secp256r1, secp384r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, Unknown (hash:0x8, signature:0x4), SHA256withRSA, SHA384withECDSA, Unknown (hash:0x8, signature:0x5), SHA384withRSA, Unknown (hash:0x8, signature:0x6), SHA512withRSA, SHA1withRSA
Unsupported extension type_18, data:
Unsupported extension type_51, data: 00:29:2a:2a:00:01:00:00:1d:00:20:99:11:79:8f:3e:ca:9d:37:55:00:cf:54:3b:23:10:b1:71:93:92:06:81:ee:0f:b8:53:6e:e2:bf:23:b2:35:4e
Unsupported extension type_45, data: 01:01
Unsupported extension type_43, data: 0a:4a:4a:03:04:03:03:03:02:03:01
Unsupported extension type_27, data: 02:00:02
Unsupported extension type_47802, data: 00
Unsupported extension type_21, data: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
***
%% Initialized: [Session-11, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-11, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1558345095 bytes = { 0, 101, 202, 146, 210, 87, 107, 127, 247, 125, 156, 64, 134, 222, 141, 197, 11, 134, 90, 77, 183, 201, 188, 129, 108, 229, 69, 60 }
Session ID: {93, 226, 118, 135, 111, 45, 217, 124, 93, 2, 72, 71, 38, 116, 139, 207, 16, 91, 42, 171, 119, 141, 227, 122, 189, 253, 147, 133, 229, 78, 153, 32}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=wso2carbon-customwso2.10.100.90.136.nip.io, OU=Support, O=WSO2, L=Colombo, ST=Western, C=LK
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 24093749320119526217646893112163833209990474156688526832095621197039887367241482686643283752190553598539694041780318444455437473717327292475492934518259361370685860893170612648201871219684080088211608067291176086279564665228754086702863628019875085423939062501065434105176143021495735869756161068709421567662413327234744251786230141003775511653021592979156235418584147136970244449197736325946516688826096049982279922898011020940527605742056019219863317365450049812143562126732358220198845931195726312193213776283582315871213628750612092393628809426922961515763709022778700015014889582902887232786822789004520865673971
public exponent: 65537
Validity: [From: Fri Nov 29 07:02:23 UTC 2019,
To: Mon Nov 26 07:02:23 UTC 2029]
Issuer: CN=wso2carbon-customwso2.10.100.90.136.nip.io, OU=Support, O=WSO2, L=Colombo, ST=Western, C=LK
SerialNumber: [ 24b1e8e1]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 AC 4E 4A 58 57 29 25 C2 C4 0B 1A AD 3E 66 2E ..NJXW)%.....>f.
0010: C1 8A EC 66 ...f
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 1D 01 81 69 ED BF F6 10 F6 17 D4 F2 87 63 D5 A2 ...i.........c..
0010: 12 CF 1A 09 ED FA E5 E3 24 18 03 FF E0 3B 0C A5 ........$....;..
0020: 31 0C D8 4B C5 FB 61 10 61 F5 42 71 E3 52 2F 70 1..K..a.a.Bq.R/p
0030: 97 B8 1F 61 96 0C 5F DB BA B5 A2 DF 42 79 E3 BA ...a.._.....By..
0040: 3C A8 C0 9C A5 8C 70 F9 51 46 36 39 D6 5A AA D7 <.....p.QF69.Z..
0050: 6E DD F0 35 E0 D0 FC AA 78 C2 57 4D BC E8 B1 FB n..5....x.WM....
0060: FF 03 C5 39 5B 06 8C FC 6F DA 42 B4 13 7D A9 14 ...9[...o.B.....
0070: 7B D2 5F A0 29 28 52 78 D8 F7 E7 2E 26 78 1C 4F .._.)(Rx....&x.O
0080: 16 A8 6B 02 3B FA 40 F2 4B AD 03 7D D0 9A F9 94 ..k.;.@.K.......
0090: 7E A9 48 D4 B6 58 A9 61 4E F0 CF 9A B5 77 8C B7 ..H..X.aN....w..
00A0: 74 76 FF 24 F2 B5 98 EE 70 1E 04 48 6F 54 1B EC tv.$....p..HoT..
00B0: 98 B8 7B B0 58 F3 11 F5 FB 2B 39 5C 3E 78 83 E5 ....X....+9\>x..
00C0: 86 2A 4A 83 D6 4C 8D 08 54 43 C3 57 5F C1 27 9A .*J..L..TC.W_.'.
00D0: 31 E8 77 A9 0B 2B F3 25 CB 7A 30 CF 45 CA 80 2A 1.w..+.%.z0.E..*
00E0: 4A C2 AC 5C 79 8F 25 70 E8 20 11 FC B5 BC 3E 1D J..\y.%p. ....>.
00F0: B4 B3 69 5D F9 2E 5C 83 AB 8F C3 1C A7 B1 5F F0 ..i]..\......._.
]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 30783140126565731034039954914815296826962617090801880033831456830219573014758
public y coord: 112055812426524440654969792257542967866103028528061549518876777480127240144881
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
http-nio-9443-exec-17, WRITE: TLSv1.2 Handshake, length = 1375
http-nio-9443-exec-19, READ: TLSv1.2 Alert, length = 2
http-nio-9443-exec-19, RECV TLSv1.2 ALERT: fatal, certificate_unknown
http-nio-9443-exec-19, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-19, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-19, called closeOutbound()
http-nio-9443-exec-19, closeOutboundInternal()
http-nio-9443-exec-19, SEND TLSv1.2 ALERT: warning, description = close_notify
http-nio-9443-exec-19, WRITE: TLSv1.2 Alert, length = 2
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Are you sure that you are importing the right certificate? Seems to be that you are importing the wrong one or you are not using the cacerts that you think you are.
Please check both.
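One way to run both checks from the answer above, as an added example (not code from the original post or from WSO2): it resolves the truststore file the JVM will actually load, then looks for the exact certificate in it. The class name `TrustStoreCheck` and the certificate-file argument are assumptions; run it with the same JVM and the same `-D` options as the server process, passing the self-signed certificate exported from the server being called.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example; the class name and the cert-file argument are hypothetical.
public class TrustStoreCheck {
    // Truststore the default JSSE trust manager loads: javax.net.ssl.trustStore
    // if set, otherwise jssecacerts, otherwise cacerts under java.home.
    static String effectiveTrustStore() {
        String p = System.getProperty("javax.net.ssl.trustStore");
        if (p != null && !p.isEmpty()) return p;
        String dir = System.getProperty("java.home") + "/lib/security/";
        return dir + (Files.exists(Paths.get(dir, "jssecacerts")) ? "jssecacerts" : "cacerts");
    }

    static String sha256(X509Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM or DER certificate exported from the server being called
        X509Certificate wanted;
        try (InputStream in = new FileInputStream(args[0])) {
            wanted = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String path = effectiveTrustStore();
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(path)) {
            // For a JKS file, a null password skips the integrity check but still loads entries.
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        String alias = ks.getCertificateAlias(wanted); // null when no entry matches
        System.out.println("truststore : " + path + " (" + ks.size() + " entries)");
        System.out.println("certificate: " + wanted.getSubjectX500Principal());
        System.out.println("sha-256    : " + sha256(wanted));
        System.out.println(alias != null ? "TRUSTED as alias '" + alias + "'"
                : "NOT in this truststore (a self-signed certificate must be present itself)");
    }
}
```

If the printed truststore path is not the `cacerts` file the certificate was imported into, the import went to a file this JVM never reads.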