stackoom
  简体   繁体   中英

SSL Certificate Error in a JAVA application on Tomcat7 in Ubuntu

 原文  2016-11-16 06:34:02       java/ ubuntu/ tomcat/ ssl

Question

I have created a JAVA Application and have deployed it on Tomcat7 in an Ubuntu 16.04 System. The application hits a request on an https:// but returns the following error:

java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

I have tried installing the certificate in the JRE used by the system:

tomcat7 3388 1 0 11:07 ? 00:00:11 /usr/lib/jvm/default-java/bin/java

But i still get the same error.

I have also installed the certificate in the cacerts.jks keystore and have tried using java 

-Djavax.net.ssl.keyStore=/usr/lib/jvm/default-java/jre/lib/security/cacerts.jks -Djavax.net.ssl.keyStorePassword=changeit

But I am still getting the error: 

java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    in.pwc.FormHandler.doPost(FormHandler.java:184)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
root cause

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
    org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:131)
    org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:648)
    org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:623)
    org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:115)
    org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
    org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:360)
    org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:177)
    org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:77)
    org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:95)
    org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    in.pwc.test.decrypt(test.java:62)
    org.apache.jsp.viewAdmin_jsp._jspService(viewAdmin_jsp.java:193)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    in.pwc.FormHandler.doPost(FormHandler.java:184)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

I am assuming that my java and tomcat are using some other certificate store but I am unable to find the same.

How can I go about solving this error?

Update: I do not need my application to be https or using SSL the request its makes is an HTTPS request which has to be a verified one as a requirement of the appliance.

1 answers

solution1
 0  2016-11-16 06:50:59

As shown in this answer from another post:

If the server's certificate is self-signed, then this is working as designed and you will have to import the server's certificate into your keystore.

Assuming the server certificate is signed by a well-known CA, this is happening because the set of CA certificates available to a modern browser is much larger than the limited set that is shipped with the JDK/JRE.

You must import the proper Root CA into your keystore to validate the certificate. There's a reason you can't get around this with the stock SSL code, and that's to prevent you from writing programs that behave as if they are secure but are not.

This will solve your issue, but if you want only a local solution ( that is not useful on production ), you can find some options on this post .

Hope it helps you.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question EV SSL Certificate in Tomcat7 Why JAVA_HOME not recognized by tomcat7 in Ubuntu? SSL Error during Chef-Solo Tomcat7 Cookbook Installation Install Application on Tomcat7 Tomcat7 on Ubuntu14.04 html works but 404 error for servlets Configuring SSL with Tomcat7 Server Unable to redeploy the java application to tomcat7 using maven deployment Integrate Akka with Spring in Java web application project under Tomcat7 Automated deployment of Grails/Java web application to Tomcat7 from Git Certificate SSL in local. Java - Tomcat
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM