[英]Java application can't connect to https web service using EJBCA library
我希望 Java 应用程序使用 EJBCA 库连接到 web 服务,但它会引发异常。 您会看到以下 void 方法尝试连接到 Ejbca
protected void connectToEjbca() {
LOG.info("Establishing Ejbca conecction");
String trustStore = CONFIG.getProperty("truststore");
String trustStorePassword = CONFIG.getProperty("truststore.password");
String keyStoreType = CONFIG.getProperty("keystore.type");
String keyStore = CONFIG.getProperty("keystore");
String keyStorePassword = CONFIG.getProperty("keystore.password");
String ejbcaUrl = CONFIG.getProperty("url");
try{
CryptoProviderTools.installBCProvider();
KeyManager[] kms = this.getKeyManagers(keyStore, keyStorePassword);
TrustManager[] tms = this.getTrustManagers(trustStore, trustStorePassword);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kms, tms, null);
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
EjbcaWSService service = new EjbcaWSService(new URL(ejbcaUrl),qname);
ws = service.getEjbcaWSPort();
connect = true;
LOG.info("EJBCA connection was successfully");
}catch(Exception ex){
LOG.info("Error in EJBCA connection: " + ex.getLocalizedMessage());
connect = false;
ex.printStackTrace();
}
}
代码执行失败: EjbcaWSService service = new EjbcaWSService(new URL(ejbcaUrl),qname);
例外情况说:
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
根据config.properties:
url=https:\//192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl
truststore=E:\\admin_test.jks
keystore=E:\\admin_test.p12
keystore.type=PKCS12
密码变量没问题。
Additionally, I imported the admin_test.p12 certificate to firefox and the browsers shows the page https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl very well.
此外,我将 admin_test.p12 证书导入 Windows 证书管理器。 然后。 我导出为 X.509 证书 (admin_test.cert)。 之后,我通过 KeyStore Explorer 创建了一个 JKS 文件并导入了 admin_test.cert。
config.properties 中引用了这两个文件 admin_test.cert 和 admin_test.p12
So the url https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl work by firefox but the java application doesn't.
我怀疑问题出在我认为生成不好的 jks 文件中。
我能做些什么?
我想你是对的。 您的错误消息是“无法找到请求目标的有效证书路径”,这表明客户端无法找到 CA 证书作为受信任的证书来验证 TLS 连接。 这是一个纯粹的 TLS 连接建立问题。 truststore 必须包含服务器证书链的 CA 证书,仅此而已。
Java应用程序如何通过NTLM身份验证连接到wcf https Web服务?
[英]How Java application connect to wcf https web service with NTLM authentication?
无法使用 Java 中的 WebClient 连接到特定的 https 网站
[英]Can't connect to specific https website using WebClient in Java
无法使用Java和CXF连接到服务器上War文件中的Web服务
[英]Can't connect to web service in war file on server using Java and CXF
Java Web应用程序无法连接远程Tomcat 8服务器上的数据库
[英]Java Web Application can't connect database on remote Tomcat 8 Server
JAVA-Tomcat 5应用程序使用HTTPS连接到Web服务,而Tomcat 7 Application不
[英]JAVA - Tomcat 5 Application connecting to Web Service using HTTPS, while Tomcat 7 Application does not
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.