由于“没有适当的协议”,无法通过证书加载Web服务
[英]can't load web service with certificate due to “No appropriate protocol”
问题描述
我正在尝试使用ssl证书加载Web服务,说服务器已启动,但是当我尝试使用此Web服务(通过SOAPUI)时,在eclipse的日志中看到了“ SSLHandshakeException”,我看到了这一点:
没有适用于SSLv2的密码套件Hello没有适用于SSLv3的密码套件没有适用于TLSv1的密码套件没有适用于TLSv1.1的密码套件没有适用于TLSv1.2的密码套件qtp1589240253-57,致命错误:80:解包网络记录javax.net的问题.ssl.SSLHandshakeException:没有适当的协议qtp1589240253-57,发送TLSv1警报:致命,描述= internal_error qtp1589240253-57,WRITE:TLSv1警报,长度= 2 qtp1589240253-53-5,称为closeOutbound()qtp1589240253-57,closeOutboundInternal()
我试图查看jdk.tls.disabledAlgorithms =上的java.security文件,但它已经注释了。
这是我的代码:
String address = "https://localhost:8052/test";
JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
sf.setServiceClass(new testImpl().getClass());
sf.setAddress(address);
sf.getServiceFactory().setInvoker(new BeanInvoker(new
testImpl()));
SSLServerConfigUtil sSLServerConfigUtil = new SSLServerConfigUtil();
sSLServerConfigUtil.setTrustpass("test123");
sSLServerConfigUtil.setKeyStoreName("JKS");
sSLServerConfigUtil.setFilePath("C:\\serverKeystore.jks");
sSLServerConfigUtil.configureSSLOnTheServer(sf, 8052);
公共类SSLServerConfigUtil {
private String trustpass;
private String keyStoreName;
private String filePath;
public SSLServerConfigUtil() {
}
public JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port, String address) {
try {
TLSServerParameters tlsParams = new TLSServerParameters();
KeyStore keyStore = KeyStore.getInstance(keyStoreName);
String password = trustpass;
File truststore = new File(filePath);
keyStore.load(new FileInputStream(truststore), password.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, password.toCharArray());
KeyManager[] km = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(km);
truststore = new File(filePath);
keyStore.load(new FileInputStream(truststore), password.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory
.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] tm = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(tm);
FiltersType filter = new FiltersType();
filter.getInclude().add(".*_EXPORT_.*");
filter.getInclude().add(".*_EXPORT1024_.*");
filter.getInclude().add(".*_WITH_DES_.*");
filter.getInclude().add(".*_WITH_NULL_.*");
filter.getExclude().add(".*_DH_anon_.*");
filter.getInclude().add(".*_CBC_*");
filter.getInclude().add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
tlsParams.setCipherSuitesFilter(filter);
ClientAuthentication ca = new ClientAuthentication();
ca.setRequired(true);
ca.setWant(true);
tlsParams.setClientAuthentication(ca);
JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
factory.setTLSServerParametersForPort(port, tlsParams);
}
catch (KeyStoreException kse) {
System.out.println("Security configuration failed with the following: " + kse.getCause());
}
catch (NoSuchAlgorithmException nsa) {
System.out.println("Security configuration failed with the following: " + nsa.getCause());
}
catch (FileNotFoundException fnfe) {
System.out.println("Security configuration failed with the following: " + fnfe.getCause());
}
catch (UnrecoverableKeyException uke) {
System.out.println("Security configuration failed with the following: " + uke.getCause());
}
catch (CertificateException ce) {
System.out.println("Security configuration failed with the following: " + ce.getCause());
}
catch (GeneralSecurityException gse) {
System.out.println("Security configuration failed with the following: " + gse.getCause());
}
catch (IOException ioe) {
System.out.println("Security configuration failed with the following: " + ioe.getCause());
}
return sf;
}
public String getTrustpass() {
return trustpass;
}
public void setTrustpass(String trustpass) {
this.trustpass = trustpass;
}
public String getKeyStoreName() {
return keyStoreName;
}
public void setKeyStoreName(String keyStoreName) {
this.keyStoreName = keyStoreName;
}
public String getFilePath() {
return filePath;
}
public void setFilePath(String filePath) {
this.filePath = filePath;
}
}
服务器启动时的日志:
> found key for : myserverkey
chain [0] = [
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
Key: Sun DSA Public Key
Parameters:DSA
p: fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
q: 9760508f 15230bcc b292b982 a2eb840b f0581cf5
g: f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a
y:
7dbaa1be 67511718 1d35eee7 6d52a7ef a204f2e4 2d0716cc 63671fac 1f094701
91f30d6d aa79efcd c7f3c076 27f16ff3 fe1e236c 06f7de90 13f7108e 54a25487
f40b1619 bbaf0a3a e2be9303 a458da35 8f1d5a42 5ded9e1e b55396e9 33668c46
03edd8db 49081077 3dbcd226 69f1a537 8edaa51f d6e9701f bee09df9 46cad1f3
Validity: [From: Thu Jan 28 08:45:23 GMT+02:00 2016,
To: Sat Jan 27 08:45:23 GMT+02:00 2018]
Issuer: CN=localhost
SerialNumber: [ 7879d2f7]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B6 FA 45 5C B0 4F 56 0B E2 FB E3 D4 AA 90 69 0E ..E\.OV.......i.
0010: CE 07 54 09 ..T.
]
]
]
Algorithm: [SHA1withDSA]
Signature:
0000: 30 2D 02 15 00 8E AA 9B A8 BD 67 F4 A3 2B 66 4C 0-........g..+fL
0010: 56 12 81 51 57 08 1C 74 4C 02 14 08 F9 C5 12 0C V..QW..tL.......
0020: 5A 3D BC 1C 5F CB D1 E9 D7 E3 01 89 36 24 4B Z=.._.......6$K
]
***
adding as trusted cert:
Subject: CN=localhost
Issuer: CN=localhost
Algorithm: DSA; Serial number: 0x7879d2f7
Valid from Thu Jan 28 08:45:23 GMT+02:00 2016 until Sat Jan 27 08:45:23 GMT+02:00 2018
Feb 03, 2016 8:56:33 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service
Feb 03, 2016 8:56:34 AM org.apache.cxf.endpoint.ServerImpl initDestination
INFO: Setting the server's publish address to be https://localhost:8052/test
Feb 03, 2016 8:58:26 AM org.eclipse.jetty.server.Server doStart
INFO: jetty-7.5.4.v20111024
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Feb 03, 2016 8:59:13 AM org.eclipse.jetty.server.AbstractConnector doStart
INFO: Started CXFJettySslSocketConnector@0.0.0.0:8052 STARTING
Feb 03, 2016 8:59:17 AM org.eclipse.jetty.server.handler.ContextHandler startContext
INFO: started o.e.j.s.h.ContextHandler{,null}
Feb 03, 2016 8:59:18 AM com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.0.3 (FCS b03) for context '/OnInterfaces'
Feb 03, 2016 8:59:19 AM com.sun.faces.spi.InjectionProviderFactory createInstance
INFO: JSF1048: PostConstruct/PreDestroy annotations present. ManagedBeans methods marked with these annotations will have said annotations processed.
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Feb 03, 2016 8:59:19 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 387136 ms
谁能帮忙吗? 提前致谢!!
1 个解决方案
解决方案1
0 2016-02-03 09:34:03
尝试添加从Oracle站点http://www.oracle.com/technetwork/es/java/javase/downloads/jce-7-download-432124.html下载的Java Criptography Extension jar文件(这是针对JAVA7的,您应该下载到您的JAVA_HOME / jre / security / lib文件夹中。 让我们知道! 问候
**编辑:用于使用InstallCert。 1.下载并编译。 2.编辑运行配置,添加程序参数,方法如下:host:port passphrase(通常此通行证为“ changeit”)。3.使用该配置运行它。 4. Installcert创建您的信任库的副本,并将服务器中的证书添加到其中。 5.将“ jssecacerts”重命名为cacerts,并替换java> jre> security> lib中的原始cacerts文件。6.然后尝试连接到服务器。
由于缺少java中的证书而导致Web服务出错(基于XML SOAP)
[英]Error consuming web service due to lack of certificate in java (XML SOAP based)
无法使用 maven web 项目在 Z69F0F6923BC1F8AAA26B96BCZ 项目中创建新的 java 因收到致命警报协议2:
[英]Can not to create new java with maven web project in NetBeans due Received fatal alert: protocol_version
由于缺少证书,无法从Java访问blockchain.info
[英]Can't access blockchain.info from java due to missing certificate
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
由于CORS,无法连接到Java中的Web服务
SSL协议可以保护Web服务吗?
由于缺少java中的证书而导致Web服务出错(基于XML SOAP)
没有证书如何连接到https Web服务?
无法使用 maven web 项目在 Z69F0F6923BC1F8AAA26B96BCZ 项目中创建新的 java 因收到致命警报协议2:
为什么Js无法从我的Web服务目录中加载图像文件?
由于先前的错误,Spring Web应用程序无法启动
由于缺少证书,无法从Java访问blockchain.info
Java无法连接到PHP Web服务
无法连接到Azure Rest Web服务
相关标签