我正在使用入站https端点在mule中开发一个rest webservice。我已经使用tls-key-store和tls-server配置了https连接器。(使用keytool生成了相同的连接)。
以下是配置文件:
<https:connector name="httpsConnector" doc:name="HTTP\HTTPS" validateConnections="true">
<https:tls-key-store path="keystore.jks" keyPassword="welcome" storePassword="welcome"/>
<https:tls-server path="truststore.jks" storePassword="welcome"/>
</https:connector>
<flow name="RESTFlow1" doc:name="RESTFlow1">
<https:inbound-endpoint exchange-pattern="request-response" host="0.0.0.0" port="8082" connector-ref="httpsConnector" doc:name="HTTPS"/>
<jersey:resources doc:name="REST">
<component class="com.thinxtream.rest.restWebservices"/>
</jersey:resources>
</flow>
客户端是一个连接到这个mule rest webservice的flex应用程序,它给出了以下错误:
httpsConnector.receiver.02] org.mule.exception.DefaultSystemExceptionStrategy: Caught exception in Exception Strategy: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:219)
at org.mule.transport.http.HttpServerConnection.readRequest(HttpServerConnection.java:185)
at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:155)
at org.mule.work.WorkerContext.run(WorkerContext.java:311)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Flex应用程序上的任何配置也都是吗?
答案 0 :(得分:1)
如果您自己创建了服务器端证书,那么它可能是自签名的或使用您自己的CA证书签名。客户端需要信任签名证书或服务器证书本身。为此,您需要将服务器证书(链)导入客户端使用的信任库。