
SSL keys and client auth in Java

I am connecting to a webservice with SSL client auth. I set up the keystore by:

System.getProperties().setProperty("javax.net.ssl.keyStore", 
                                  "d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");  

When calling the webservice:

GetAccountBalanceResponse resp = services.getAccountBalance(request);

I get the following error:

WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is: 
    HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
    at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
    at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
    at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
    ... 2 more

The keystore contains the private certificate for the client; the certificate is valid and works fine when used in the browser. How should I fix it?

Many thanks.

This error occurs when the CA which signed the server cert is either not one of the well-known CAs or the public certificate of the CA is not in the trust store of the client. To get around this you will have to add the public certificate of the CA to the trust store of the client.

See "unable to find valid certification path to requested target" and "No more 'unable to find valid certification path to requested target'" for detailed instructions.
