I have created a web service in Java which posts data to another web service. This requires SSL certificates for authentication. This web service is running fine on Tomcat, but when I deploy the same code on GlassFish 3.0.1 server, I am getting javax.net.ssl.SSLHandshakeException
: Received fatal alert: unknown ca exception. I have imported the certificate to glassfish trustStore using keytool. The required certificates are provided by client.
My code:
System.setProperty("javax.net.ssl.keyStoreType" , "pkcs12");
System.setProperty("javax.net.ssl.keyStore", applicationRootDirPath + "clientCert.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStoreType", "jks");
System.setProperty("javax.net.ssl.trustStore", "path of glass fish truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
try {
url = new URL(serverUrl);
urlConn = url.openConnection();
urlConn.setDoOutput(true);
urlConn.setRequestMethod("POST");
urlConn.setAllowUserInteraction(false);
urlConn.setUseCaches(false);
urlConn.setRequestProperty("Content-type", "text/xml; charset=utf-8");
urlConn.setRequestProperty("Content-Length", new Integer(xml.length()).toString());
try {
writer = new OutputStreamWriter(urlConn.getOutputStream(), "UTF-8");
writer.write(xmlData);
} finally {
if (writer != null) {
writer.close();
}
}
trace += "\n urlConn.getInputStream()";
in = urlConn.getInputStream();
}
What is the development environment that you are using? If you are using NetBeans, you have to set these in VMargs in /etc/netbeans.conf
(this is needed for proper web service tool functionality, so that you can generate clients for example):
<NETBEANS_HOME>/bin/netbeans.exe
-J-Djavax.net.ssl.trustStore=<AS_HOME>/domains/domain1/config/cacerts.jks
-J-Djavax.net.ssl.keyStore=<AS_HOME>/domains/domain1/config/keystore.jks
-J-Djavax.net.ssl.trustStorePassword=changeit
-J-Djavax.net.ssl.keyStorePassword=changeit
Also, make sure that you have set up the truststore in GlassFish correctly; add these lines exactly like this to the JVM options:
-Djavax.net.ssl.trustStore=${truststore.location}
-Djavax.net.ssl.trustStorePassword=${ssl.password}
Also, if it is not a valid certificate (eg hostnames do not match, which is a common reason of javax.net.ssl.SSLHandshakeException
), you can do a workaround in the client web service for development/testing purposes:
static {
//WORKAROUND. TO BE REMOVED.
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier(){
public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
if (hostname.equals("mytargethostname")) { //Change to actual value
return true;
}
return false;
}
});
}
At the moment I don't see the source of your problem, but these are some points I think you should troubleshoot at.
您还需要指定以下JVM选项:
-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=[alias of the client certificate in your keystore]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.