
Java / SSL Server Socket

I am writing an application that will accept LDAP queries via port 636, do some non-LDAP stuff, and then hand back an LDAP-looking response.

I'm a bit new to Java but have managed this much: I created a self-signed cert and imported it into the keystore.

When attempting to make a connection I get the following error: main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Argh... I've included the debug information at the bottom. My application does find the cert in the keystore. Thanks for any help.

import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocketFactory;

// Wrapper class and main() added so the posted fragment compiles; the class name is not from the post
public class LdapSslServer {
    public static void main(String[] args) throws IOException {
        // JSSE reads these properties when the default SSL server socket factory is first created
        System.setProperty("javax.net.debug", "ssl");
        System.setProperty("javax.net.ssl.keyStore", "C:\\openssl\\certs\\laptop.ks");
        System.setProperty("javax.net.ssl.keyStorePassword", "somepassword");
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        System.setProperty("javax.net.ssl.trustStore", "C:\\openssl\\certs\\laptop.ks");
        int port = 636;

        ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
        ServerSocket ssocket = ssocketFactory.createServerSocket(port);

        // Listen for connections
        while (true) {
            Socket socket = ssocket.accept();
            InputStream in = socket.getInputStream();

            // do stuff
            socket.close();
        }
    }
}

///// DEBUG OUT when program is run //////

keyStore is : C:\openssl\certs\laptop.ks
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
***
found key for : mylaptop
chain [0] = [
[
  Version: V1
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: <SNIP> 
  public exponent: 65537
  Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
           To: Sat Sep 29 09:55:27 EDT 2012]
  Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  SerialNumber: [    03]

]
  Algorithm: [SHA1withRSA]
  Signature: <snip>

]
***
trustStore is: C:\openssl\certs\laptop.ks
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Issuer:  CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0x3
  Valid from Fri Sep 30 09:55:27 EDT 2011 until Sat Sep 29 09:55:27 EDT 2012

adding as trusted cert:
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Issuer:  CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0xb85a831528797e79
  Valid from Fri Sep 30 09:53:23 EDT 2011 until Sat Sep 29 09:53:23 EDT 2012

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: mylaptop
main, called closeSocket()
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, READ:  SSL v2, contentType = Handshake, translated length = 65
    *** ClientHello, TLSv1
Cipher Suites: <snip>

***
Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: <snip>
  public exponent: 65537
  Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
               To: Sat Sep 29 09:55:27 EDT 2012]
  Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  SerialNumber: [    03]

]
  Algorithm: [SHA1withRSA]
   Signature:
]
***
*** ServerHelloDone
main, WRITE: TLSv1 Handshake, length = 662
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, unknown_ca
main, called closeSocket()

I wish I had a definitive answer, but the SO questions here and here seem to indicate a problem with the way the certificate was generated or imported. The first suggests regenerating without any extensions enabled. The second suggests ensuring the cert you import has the entire chain (which may not be applicable for your self-signed cert).
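The alert in the debug output is received by the server ("RECV TLSv1 ALERT: fatal, unknown_ca"), so it is the connecting client that failed to chain the presented certificate to something it trusts; the server's own javax.net.ssl.trustStore setting plays no part in that decision. The Java program below is an added example, not code from the question or the answer: it reproduces the client's decision offline by running the server's certificate chain through an X509TrustManager built from the client's trust store (so the exact rejection reason is printed), then performs a loopback handshake with explicit SSLContexts instead of the global javax.net.ssl.* properties. The file names `server.ks` and `client-trust.ks`, the password `changeit` and the class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Trust diagnosis for a TLS server certificate (added example; paths, password
 * and class name are assumptions).
 * 1. Static check: evaluate the server's chain with a trust manager built from
 *    the trust store the client uses, which is the decision behind "unknown_ca".
 * 2. Loopback handshake: server from the key store, client from the trust store.
 */
public class TrustDiagnosis {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Mirrors what a JSSE client does with the chain the server sends. */
    static String explainTrust(KeyStore trustStore, Certificate[] chain) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        X509Certificate[] x509Chain = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        try {
            tm.checkServerTrusted(x509Chain, "RSA");
            return "trusted";
        } catch (CertificateException e) {
            return "rejected: " + e.getMessage();
        }
    }

    static SSLContext serverContext(KeyStore keyStore, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    static SSLContext clientContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();             // assumption
        KeyStore serverKs = load("server.ks", pw);        // assumption: private key + certificate chain
        KeyStore clientTs = load("client-trust.ks", pw);  // assumption: the client's trust anchors

        // 1. Static check of every key entry's chain against the client's trust store.
        for (String alias : Collections.list(serverKs.aliases())) {
            if (!serverKs.isKeyEntry(alias)) continue;
            Certificate[] chain = serverKs.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
            System.out.printf("alias %s: chain length %d, self-signed=%b, client verdict: %s%n",
                    alias, chain.length, selfSigned, explainTrust(clientTs, chain));
        }

        // 2. Loopback handshake on an ephemeral port; both sides report what they saw.
        SSLServerSocket server = (SSLServerSocket) serverContext(serverKs, pw)
                .getServerSocketFactory().createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        Thread acceptor = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake();
            } catch (Exception e) {
                System.out.println("server side saw: " + e);  // e.g. Received fatal alert: unknown_ca
            }
        });
        acceptor.start();
        try (SSLSocket client = (SSLSocket) clientContext(clientTs).getSocketFactory()
                .createSocket(InetAddress.getLoopbackAddress(), server.getLocalPort())) {
            client.startHandshake();
            X509Certificate leaf = (X509Certificate) client.getSession().getPeerCertificates()[0];
            System.out.println("client side: handshake OK with " + leaf.getSubjectX500Principal());
        } catch (SSLHandshakeException e) {
            System.out.println("client side rejected the server: " + e.getMessage());
        } finally {
            acceptor.join();
            server.close();
        }
    }
}
```

Run it once with a trust store that does not contain the server's certificate and the static check prints the PKIX reason while the handshake fails on both sides; run it again after importing the exact certificate the server presents (for a self-signed cert the entire chain is that one certificate) and both checks pass. Building the contexts explicitly also keeps the server's trust store and the client's trust store as separate, visible inputs rather than process-wide properties.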
