Configure Apache tomcat to send SSL certificate to frontend server (act as client)
How to configure two way ssl on client and server on tomcat 7 using openssl for ssl certificate generation?
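I have configured the keystore and truststore using the solution provided by pedrofb, which is given in the following link: How can I configure a two-way SSL connection in Spring WS without using Spring Boot and using a separate Apache Tomcat server?
I have set up the keystore and truststore properties for both the client and the server in Tomcat 7. However, when I try to connect to the server, I get the following error: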
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-nio-8443-exec-9, READ: TLSv1 Handshake, length = 185
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
*** ClientHello, TLSv1.2
RandomCookie: GMT: -364265602 bytes = { 151, 161, 117, 135, 49, 179, 239, 50, 221, 113, 108, 85, 152, 173, 82, 244, 120, 98, 133, 94, 72, 13, 209, 43, 60, 89, 124, 77 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: [type=host_name (0), value=localhost]
Unsupported extension type_23, data:
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
***
http-nio-8443-exec-1, READ: TLSv1 Handshake, length = 185
*** ClientHello, TLSv1.2
RandomCookie: GMT: 624575245 bytes = { 5, 128, 117, 156, 92, 134, 29, 210, 250, 146, 110, 193, 126, 10, 111%% Initialized: [Session-27, SSL_NULL_WITH_NULL_NULL]
, 45, 132, 231, 235, 77, 110, 238, 35, 93, 37, 164, 168, 251 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: [type=host_name (0), value=localhost]
Unsupported extension type_23, data:
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
***
%% Initialized: [Session-28, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-27, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1465167446 bytes = { 250, 227, 168, 23, 5, 88, 160, 124, 42, 177, 14, 37, 174, 160, 121, 13, 224, 215, 45, 17, 46, 117, 215, 62, 224, 31, 241, 109 }
Session ID: {87, 85, 174, 86, 210, 17, 84, 99, 103, 218, 211, 254, 20, 253, 117, 8, 221, 141, 57, 197, 148, 244, 184, 91, 112, 35, 41, 60, 219, 23, 171, 67}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147
public exponent: 65537
Validity: [From: Mon Jun 06 22:09:30 IST 2016,
To: Tue Jun 06 22:09:30 IST 2017]
Issuer: EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
SerialNumber: [ 9f141eca db1b5892]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\.
0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>..
0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,...
0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg.
0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._..
0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X.....
0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I....
0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T..
]
***
%% Negotiating: [Session-28, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1465167446 bytes = { 103, 27, 241, 116, 15, 29, 188, 76, 143, 250, 43, 244, 203, 202, 45, 229, 174, 22, 232, 84, 101, 180, 15, 46, 1, 2, 102, 153 }
Session ID: {87, 85, 174, 86, 57, 163, 69, 204, 125, 206, 51, 246, 36, 126, 169, 3, 253, 63, 0, 8, 97, 161, 116, 83, 52, 47, 229, 6, 202, 194, 109, 25}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147
public exponent: 65537
Validity: [From: Mon Jun 06 22:09:30 IST 2016,
To: Tue Jun 06 22:09:30 IST 2017]
Issuer: EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
SerialNumber: [ 9f141eca db1b5892]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\.
0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>..
0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,...
0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg.
0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._..
0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X.....
0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I....
0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T..
]
***
*** ECDH ServerKeyExchange
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
public x coord: 85555666343139018963533967280538968797633662983139641438682557033369225999165
public y coord: 8427840957609862596834523195604231585301724865593291933177525359181625802444
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
*** ServerHelloDone
Signature Algorithm SHA512withRSA
http-nio-8443-exec-1, WRITE: TLSv1.2 Handshake, length = 1336
Server key: Sun EC public key, 256 bits
public x coord: 84402873937186238897029201223811091119078490206065291036407576822220964455837
public y coord: 102495088922183201760899172514801345100289489285600965229707082740951466499978
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
*** ServerHelloDone
http-nio-8443-exec-9, WRITE: TLSv1.2 Handshake, length = 1336
http-nio-8443-exec-9, called closeOutbound()
http-nio-8443-exec-9, closeOutboundInternal()
http-nio-8443-exec-9, SEND TLSv1.2 ALERT: warning, description = close_notify
http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2
http-nio-8443-exec-9, called closeOutbound()
http-nio-8443-exec-9, closeOutboundInternal()
http-nio-8443-exec-9, SEND TLSv1.2 ALERT: warning, description = close_notify
http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
http-nio-8443-exec-4, READ: TLSv1 Handshake, length = 185
*** ClientHello, TLSv1.2
RandomCookie: GMT: -1587396700 bytes = { 168, 137, 156, 195, 17, 132, 253, 181, 204, 114, 165, 228, 86, 231, 233, 158, 148, 15, 75, 153, 17, 24, 212, 36, 209, 134, 90, 182 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: [type=host_name (0), value=localhost]
Unsupported extension type_23, data:
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
***
%% Initialized: [Session-29, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1465167446 bytes = { 225, 169, 240, 135, 216, 14, 179, 8, 242, 163, 54, 198, 242, 182, 103, 125, 233, 71, 73, 94, 94, 112, 96, 92, 230, 44, 24, 124 }
Session ID: {87, 85, 174, 86, 58, 130, 84, 54, 254, 224, 181, 52, 14, 113, 71, 231, 52, 58, 218, 105, 147, 197, 135, 24, 188, 193, 25, 160, 12, 186, 145, 122}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147
public exponent: 65537
Validity: [From: Mon Jun 06 22:09:30 IST 2016,
To: Tue Jun 06 22:09:30 IST 2017]
Issuer: EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
SerialNumber: [ 9f141eca db1b5892]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\.
0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>..
0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,...
0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg.
0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._..
0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X.....
0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I....
0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T..
]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
public x coord: 81903135861506604845195203015394003955799288815680914864504286597024832297135
public y coord: 106714826192296131282741266053860770585192831249415196199432006232074628631588
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
*** ServerHelloDone
http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336
http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7
*** Certificate chain
<Empty>
***
http-nio-8443-exec-6, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
http-nio-8443-exec-6, SEND TLSv1.2 ALERT: fatal, description = bad_certificate
http-nio-8443-exec-6, WRITE: TLSv1.2 Alert, length = 2
http-nio-8443-exec-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
http-nio-8443-exec-6, called closeOutbound()
http-nio-8443-exec-6, closeOutboundInternal()
On the client side, I get the following error in the browser:
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT
The client does not send its certificate when the server requests it.
Do I have to keep clientauth=true in both the client and the server?
My server keystore contains server.pfx
My server truststore contains client.crt and ca.crt
My client keystore contains client.p12, client.crt and ca.crt
My client truststore contains server.crt
Thanks
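The server is requesting a certificate and providing a list of trusted signers. That list comes from the server's truststore. The client doesn't have a certificate in its keystore that is signed by one of those signers, so it can't send a certificate.
Solution: either get the client certificate signed by one of the trusted signers, or augment the trusted signers to include the signer of the client certificate.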
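I finally found the solution: I had not installed client.p12 in the browser, so my client was not sending its certificate to the server. Once I installed client.p12 in the browser, it started working.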
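The diagnosis from the two answers above, as an added example that is not part of the original posts: a Python sketch that reads `javax.net.debug` output, extracts the issuers the server advertises in `CertificateRequest`, and compares them with the issuer of the certificate the client is meant to present. The function names, verdict strings and the client issuer values passed in are assumptions made for this example; the log excerpt is trimmed from the question.

```python
import re

# One handshake trimmed from the debug log quoted in the question.
SAMPLE_LOG = """\
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
<EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
*** ServerHelloDone
http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336
http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7
*** Certificate chain
<Empty>
***
http-nio-8443-exec-6, fatal error: 42: null cert chain
"""

# Issuer printed for the server's own certificate in the same log.
PAGE_SERVER_CERT_ISSUER = (
    "EMAILADDRESS=briantauro7@gmail.com, CN=localhost, OU=localhost, "
    "O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN"
)


def normalize_dn(dn):
    """Fold a printed DN into (TYPE, value) pairs for comparison.

    Case- and whitespace-insensitive, an approximation of X.500 name
    matching. Assumes no escaped commas inside attribute values.
    """
    parts = re.split(r",\s*(?=[A-Za-z0-9.]+=)", dn.strip().strip("<>"))
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(pairs)


def parse_handshake(log):
    """Return (advertised issuer DNs, whether the client sent an empty chain)."""
    accepted, empty_chain = [], False
    in_cas = after_chain_header = False
    for raw in log.splitlines():
        line = raw.strip()
        if after_chain_header:
            # The line after the header is either "<Empty>" or "chain [0] = [".
            empty_chain = empty_chain or line == "<Empty>"
            after_chain_header = False
            continue
        if line == "*** Certificate chain":
            in_cas, after_chain_header = False, True
        elif line == "Cert Authorities:":
            in_cas = True
        elif in_cas and line.startswith("<") and line.endswith(">"):
            if line not in accepted:  # interleaved threads repeat the list
                accepted.append(line)
        else:
            in_cas = False
    return accepted, empty_chain


def diagnose(log, client_cert_issuers):
    """Classify a failed client-auth handshake.

    client_cert_issuers: issuer DNs of the certificates the client is
    expected to hold (for example, read from client.crt).
    """
    accepted, empty_chain = parse_handshake(log)
    if not empty_chain:
        return "CHAIN_SENT", []
    accepted_norm = {normalize_dn(dn) for dn in accepted}
    if not accepted_norm:
        # An empty authority list places no constraint on the issuer.
        usable = list(client_cert_issuers)
    else:
        usable = [dn for dn in client_cert_issuers
                  if normalize_dn(dn) in accepted_norm]
    if usable:
        # Matches the asker's resolution: certificate existed, client lacked it.
        return "ISSUER_TRUSTED_BUT_CERT_NOT_OFFERED", usable
    # Matches the first answer: no certificate from an advertised signer.
    return "NO_CERT_FROM_ADVERTISED_ISSUER", usable
```

`ISSUER_TRUSTED_BUT_CERT_NOT_OFFERED` points at the client's certificate store (the certificate and its private key are not installed or not selected), while `NO_CERT_FROM_ADVERTISED_ISSUER` points at the server's truststore or at how the client certificate was signed.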