问题描述
我正在尝试请求在 WSO2 身份服务器中创建一个新用户,但我无法连接到 api:
javax.net.ssl|ALL|A9|https-jsse-nio-9443-exec-5|2021-06-02 11:37:20.318 GMT|X509Authentication.java:264|No X.509 cert selected for EC
javax.net.ssl|ALL|A9|https-jsse-nio-9443-exec-5|2021-06-02 11:37:20.318 GMT|X509Authentication.java:264|No X.509 cert selected for EC
javax.net.ssl|DEBUG|AB|https-jsse-nio-9443-exec-7|2021-06-02 11:37:20.408 GMT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal","description": "certificate_unkNown"
}
)
javax.net.ssl|ERROR|AB|https-jsse-nio-9443-exec-7|2021-06-02 11:37:20.410 GMT|TransportContext.java:342|Fatal (CERTIFICATE_UNKNowN): Received fatal alert: certificate_unkNown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unkNown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:499)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
at org.apache.tomcat.util.net.socketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
我已经在 client-truststore.jks 中导入了我的证书。
步骤:
1-) keytool -genkey -alias custom -keyalg RSA -keysize 2048 -keystore custom.jks -dname "CN=,OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
2-) keytool -export -alias custom -keystore custom.jks -file custom.pem
3-) 在 /wso2is-5.11.0/repository/resources/security/ 中导入证书
keytool -import -alias custom -file custom.pem -keystore client-truststore.jks -storepass wso2carbon
4-) 检查是否已导入:
keytool -list -v -keystore client-truststore.jks -alias custom -storepass wso2carbon -keypass wso2carbon
Java 应用程序:
protected void setKeyStore() {
System.setProperty("javax.net.ssl.trustStore","custom.jks");
System.setProperty("javax.net.ssl.trustStorePassword","wso2carbon");
System.setProperty("javax.net.ssl.trustStoreType","JKS");
}
protected void submit(HttpMethodBase method) throws IOException {
HttpClient httpUpdateClient = new HttpClient();
// **************************Erro SSL*******************************
int responseStatus = httpUpdateClient.executeMethod(method);
// **************************Erro SSL*******************************
String response = method.getResponseBodyAsstring();
System.out.println("/******SCIM response status: " + responseStatus);
System.out.println("SCIM response data: " + response + "******/");
}
我错过了什么吗?
PS:WSO2-IS 在开发环境中的 docker 环境中运行,我正在尝试从本地机器连接。
解决方法
我在我的应用程序中使用了 WSO2 IS 附带的证书并且它有效。
wso2is-5.11.0/repository/resources/security/wso2carbon.jks
protected void setKeyStore() {
System.setProperty("javax.net.ssl.trustStore","wso2carbon.jks");
System.setProperty("javax.net.ssl.trustStorePassword","wso2carbon");
}