堆栈内存溢出
  简体   繁体   English

Axis2 / Rampart客户自签名证书

[英]Axis2/Rampart Client Self-Signed Certificates

 原文  2012-06-21 10:48:19       java/ ssl/ certificate/ axis2/ rampart

问题描述

I'm trying to access a web service using a secure client. 我正在尝试使用安全客户端访问Web服务。

I generated two files: 我生成了两个文件:

nb19200.pkcs12 nb19200.pkcs12

server.jks server.jks

I pasted the server keystore in tomcat and uploaded the pkcs12 to my browser, everything works well. 我将服务器密钥库粘贴在tomcat中,并将pkcs12上传到我的浏览器,一切正常。

Now, in my client application, I tried the following: 现在,在我的客户端应用程序中,我尝试了以下操作:

First, export the server certificate, I used the following command: 首先,导出服务器证书,我使用以下命令:

keytool -exportcert -alias servercert -file servercert.cer -keystore server.jks -storepass * * keytool -exportcert-别名servercert-文件servercert.cer -keystore server.jks -storepass * *

And then import it onto a keystore with nothing in there: 然后将其导入没有任何内容的密钥库中:

keytool -importcert -keystore truststore.jks -alias servercert -file servercert.cer -v trustcacerts -noprompt -storepass * ** keytool -importcert -keystore truststore.jks -alias servercert-文件servercert.cer -v trustcacerts -noprompt -storepass * **

My code is the following: 我的代码如下: 

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

Ok, with this configuration I get the following error: 好的,使用此配置,我得到以下错误:

Caused by: java.net.SocketException: Connection closed by remote host 原因:java.net.SocketException:连接被远程主机关闭

If I comment the first two lines, the error I get is: 如果我评论前两行,我得到的错误是:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 引起原因:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径

So what am I doing wrong? 那我在做什么错?

I'm completely lost. 我完全迷路了。

Update full code: 更新完整代码:

http://pastebin.com/8xTYK3tY http://pastebin.com/8xTYK3tY

Stack trace: 堆栈跟踪: 

Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)

3 个解决方案

解决方案1
 1  2012-06-21 11:23:58

Look at the line where you define the keystore path: 查看定义密钥库路径的行: 

System.setProperty("javax.net.ssl.trustStore","servertrust.jks");

But you mentioned that the file name is server.jks . 但是您提到文件名是server.jks So if that is the case that is why the code cannot find the proper cert file. 因此,如果是这种情况,这就是为什么代码找不到正确的证书文件的原因。

UPDATE: 更新:

When using ssl (https) the server searches for the right certificate accroding to the 'CN'. 使用ssl(https)时,服务器将搜索正确的证书,附加到“ CN”上。 The CN must be equal to the name of the host. CN必须等于主机名。 According to the URL you posted i see you are using localhost, so you have to make the CN equals to your machine name (You can see it by right click My computer->propeties). 根据您发布的URL,我看到您正在使用localhost,因此必须使CN等于您的计算机名称(您可以通过右键单击“我的电脑”->“属性”来查看它)。

解决方案2
 0  2012-06-22 13:03:58

Please make sure the service is listening on the port 8443. Check the URL https://localhost:8443/axis2/services/SecureService exist. 请确保该服务正在侦听端口8443。检查URL https://localhost:8443/axis2/services/SecureService存在。 You can try this URL https://localhost:8443/axis2/services/SecureService?wsdl and see if you can get the WSDL of the service from that URL 您可以尝试使用此URL https://localhost:8443/axis2/services/SecureService?wsdl并查看是否可以从该URL获取服务的WSDL。

解决方案3
 0 已采纳  2012-06-22 14:22:23

I found the solution. 我找到了解决方案。

I was missing this: 我错过了这个: 

System.setProperty("javax.net.ssl.keyStore","keys/client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java 8的自签名证书 - Self-Signed Certificates With Java 8 具有自签名证书的双向SSL客户端 - Two-way SSL Client with Self-Signed Certificates 客户端使用自签名证书连接到SSL服务器 - Client connecting to an SSL server with Self-Signed Certificates 配置 Java 系统日志客户端以信任自签名证书 - Configuring a Java syslog client to trust self-signed certificates 使用Axis2附加客户端证书? - Attach client certificates with Axis2? Java:接受自签名证书 - Java: Accepting self-signed certificates 自签名证书,Java,Hudson和JIRA - Self-signed certificates, Java, Hudson and JIRA 这是接受自签名证书的有效方法吗? - Is this a valid approach to accept self-signed certificates? 处理 Java 中的自签名 SSL 证书 - Handling self-signed SSL certificates in Java Android SSLSockets使用自签名证书 - Android SSLSockets using self-signed certificates
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM