I have identically generated and signed certificates on Raspberry Pi and Ubuntu Linux.
The SSL connection works fine on Raspberry while it fails on Ubuntu with the error: Received fatal alert: unknown_ca
During the certificate verify procedure I found a difference:
Failed (Ubuntu on AWS)
*** CertificateVerify
Signature Algorithm SHA256withRSA
Good (Raspberry Pi)
*** CertificateVerify
Signature Algorithm SHA512withRSA
Why do I have a different signature algorithm? In both cases identical commands were used to create and sign the certificates.
Might it be a problem while communicating with Java?
UPD
Trying to enable Unlimited Strength Jurisdiction Policy
I have two folders in my Java installation that contain local_policy.jar and US_export_policy.jar:
C:\java\jdk1.8.0_241\jre\lib\security\policy\limited
C:\java\jdk1.8.0_241\jre\lib\security\policy\unlimited
I suppose the unlimited folder contains the required libs, but to be sure I have downloaded them from Oracle and overwritten them.
I uncommented the line crypto.policy=unlimited in the C:\java\jdk1.8.0_241\jre\lib\security\java.security file.
But the problem remains the same. I still have the error:
MQTT Con: 2, RECV TLSv1.2 ALERT: fatal, unknown_ca
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
I would try checking if your client has Unlimited Strength Jurisdiction Policy enabled.
$JAVA_HOME/jre/lib/security (for JDK)
$JAVA_HOME/lib/security (for JRE)
The file has to have the line: crypto.policy=unlimited
If it's not there you will have to download a distributable from Oracle and then add the above line into the security file.
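One way to run the check suggested in this answer from inside the client JVM itself, as an added example that is not part of the original question or answer. The class name CryptoPolicyCheck is an assumption; the cipher suite is the one shown in the question's debug log.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name). Run it with the same java binary
// that starts the MQTT client, so it reports the runtime actually in use.
public class CryptoPolicyCheck {
    // Cipher suite copied from the "Invalidated" line in the question's log.
    static final String SUITE = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";

    // True when the policy in effect permits AES keys of at least 256 bits.
    static boolean allowsAes256() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    // True when the suite is in the default enabled list of this JVM's TLS stack.
    static boolean suiteEnabled(String suite) throws NoSuchAlgorithmException {
        String[] enabled = SSLContext.getDefault()
                .getDefaultSSLParameters().getCipherSuites();
        return Arrays.asList(enabled).contains(suite);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // java.home shows which installation's lib/security directory applies,
        // which matters when several JDK/JRE copies are installed.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));

        // Value read from java.security; null means the line is absent or commented out.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        // Integer.MAX_VALUE is returned when no key-length limit is imposed.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES bits  = "
                + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));

        System.out.println("AES-256 allowed: " + allowsAes256());
        System.out.println(SUITE + " enabled: " + suiteEnabled(SUITE));
    }
}
```

If java.home does not match the installation whose java.security file was edited, the edit has no effect on this client.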