javax.net.ssl.SSLHandshakeException：null cert chain java error

Question

我試圖建立一個ssl連接。我有一個服務器，我有一個客戶端。 我讓它們都在同一台機器上運行。 我正在嘗試在客戶端和服務器之間建立SSL連接。 我使用以下keytool命令為服務器和客戶端生成了證書。

對於客戶

keytool -keystore clientstore -genkey -alias client -validity 3650

然后我將客戶端的根證書導出到一個調用的文件client.cer

對於服務器keytool -keystore serverstore -genkey -alias server -validity 3650然后我將服務器的根證書導出到cer文件callled server.cer

我現在使用以下命令將客戶端證書“client.cer”導入serverstore密鑰庫

keytool -import -keystore serverstore -file client.cer -alias client

並使用以下命令將服務器證書“server.cer”導入clientstore密鑰庫

keytool -import -keystore clientstore -file server.cer -alias server

執行此操作后，我將server.cer和client.cer都導入到cacerts Keystore中。 但是當我嘗試建立一個ssl連接時，我在服務器javax.net.ssl.SSLHandshakeException上出現此錯誤：null cert chain和客戶端javax.net.ssl.SSLHandshakeException上的此錯誤：收到致命警報：bad_certificate。

我的服務器代碼。

package serverapplicationssl;


import java.io.*;
import java.security.KeyStore;
import java.security.Security;
import java.security.PrivilegedActionException;

import javax.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.security.Security;

import java.io.*;

public class ServerApplicationSSL {

public static void main(String[] args) {
boolean debug = true;

System.out.println("Waiting For Connection");

int intSSLport = 4447;

{
    Security.addProvider(new Provider());

}
if (debug) {
    System.setProperty("javax.net.debug", "all");
}
FileWriter file = null;
try {
    file = new FileWriter("C:\\SSLCERT\\Javalog.txt");

} catch (Exception ee) {
    //message = ee.getMessage();

}

try {

    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(new FileInputStream("C:\\SSLCERT\\OntechServerKS"), "server".toCharArray());
    file.write("Incoming Connection\r\n");

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
            .getDefaultAlgorithm());
    kmf.init(keystore, "server".toCharArray());

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null);

    SSLServerSocketFactory sslServerSocketfactory = (SSLServerSocketFactory) context.getServerSocketFactory();
    SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketfactory.createServerSocket(intSSLport);
    sslServerSocket.setEnabledCipherSuites(sslServerSocket.getSupportedCipherSuites());
    sslServerSocket.setNeedClientAuth(true);
    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    //SSLServerSocket server_socket = (SSLServerSocket) sslServerSocket;

    sslSocket.startHandshake();

 // Start the session
    System.out.println("Connection Accepted");
    file.write("Connection Accepted\r\n");

    while (true) {
        PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);

        String inputLine;

        //while ((inputLine = in.readLine()) != null) {
        out.println("Hello Client....Welcome");
        System.out.println("Hello Client....Welcome");
        //}

        out.close();
        //in.close();
        sslSocket.close();
        sslServerSocket.close();
        file.flush();
        file.close();
    }

} catch (Exception exp) {
    try {
        System.out.println(exp.getMessage() + "\r\n");
        exp.printStackTrace();
        file.write(exp.getMessage() + "\r\n");
        file.flush();
        file.close();
    } catch (Exception eee) {
        //message = eee.getMessage();
    }

}

}

}

這是我的客戶代碼

import java.io.*;
import java.net.*;
import java.security.*;
import java.util.Enumeration;

import javax.net.ssl.*;

public class SSLConnect {

public String MakeSSlCall(String meternum) {
    String message = "";
    FileWriter file = null;
    try {
        file = new FileWriter("C:\\SSLCERT\\ClientJavalog.txt");

    } catch (Exception ee) {
        message = ee.getMessage();

    }
    //writer = new BufferedWriter(file );
    try {
        file.write("KeyStore Generated\r\n");
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(new FileInputStream("C:\\SSLCERT\\SkyeClientKS"), "client".toCharArray());

        file.write("KeyStore Generated\r\n");
        Enumeration enumeration = keystore.aliases();
        while (enumeration.hasMoreElements()) {
            String alias = (String) enumeration.nextElement();
            file.write("alias name: " + alias + "\r\n");
            keystore.getCertificate(alias);
            file.write(keystore.getCertificate(alias).toString() + "\r\n");
        }
        TrustManagerFactory tmf =TrustManagerFactory.getInstance("SunX509");
        tmf.init(keystore);
        file.write("KeyStore Stored\r\n");
        SSLContext context = SSLContext.getInstance("SSL");
        TrustManager[] trustManagers = tmf.getTrustManagers();
        context.init(null, trustManagers, null);

        SSLSocketFactory f = context.getSocketFactory();
        file.write("About to Connect to Ontech\r\n");
        SSLSocket c = (SSLSocket) f.createSocket("192.168.1.16", 4447);
        file.write("Connection Established to 196.14.30.33 Port: 8462\r\n");
        file.write("About to Start Handshake\r\n");
        c.startHandshake();
        file.write("Handshake Established\r\n");
        file.flush();
        file.close();
        return "Connection Established";
    } catch (Exception e) {
        try {
            file.write("An Error Occured\r\n");
            file.write(e.getMessage() + "\r\n");
            StackTraceElement[] arrmessage = e.getStackTrace();
            for (int i = 0; i < arrmessage.length; i++) {
                file.write(arrmessage[i] + "\r\n");
            }

            file.flush();
            file.close();
        } catch (Exception eee) {
            message = eee.getMessage();

        }
        return "Connection Failed";
    }
}
}

在我的服務器上堆棧跟蹤執行

javax.net.ssl.SSLHandshakeException: null cert chain
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
    at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1804)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:222)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at serverapplicationssl.ServerApplicationSSL.main(ServerApplicationSSL.java:69)

在我的客戶端上堆棧跟蹤執行

Received fatal alert: bad_certificate
sun.security.ssl.Alerts.getSSLException(Unknown Source)
sun.security.ssl.Alerts.getSSLException(Unknown Source)
sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
SSLConnect.MakeSSlCall(SSLConnect.java:96)
BankCollectSSLCon.main(BankCollectSSLCon.java:13)

可能導致此錯誤的原因是什么？可能是因為我在同一台計算機上同時運行服務器和客戶端？...現在已經有一段時間了。 我需要幫助

Answer 1

請嘗試包含此代碼段，以便所有證書都可信。

  public static void trustSelfSignedSSL() {
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        X509TrustManager tm = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate[] xcs, String string)
                    throws CertificateException {}

            public void checkServerTrusted(X509Certificate[] xcs, String string)
                    throws CertificateException {}

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        SSLContext.setDefault(ctx);
    } catch (Exception ex) {
        // LOGGER.error("Exception : ", ex.getStackTrace());
        System.out.println(ex.getStackTrace());
    }