我有一个IBM Websphere Liberty 8.5.5的开发环境;在此应用程序服务器前面有一个IBM HTTP Server(为IBM HTTP配置的外部CA SSL证书)。
我能够从互联网访问IBM HTTP,但是/mfpconsole会抛出异常(见下文)。
[11/28/16 21:02:44:464 SGT] 00000024 com.ibm.mfp.admin.ui.servlet.ServiceProxy E FWLSE3301E: Problem with SSL certificates. Possible fixes: Put the application server's certificate into the truststore. Or define the JNDI property mfp.admin.ui.cors.strictssl to false (not in production environments).
[11/28/16 21:02:44:464 SGT] 00000024 com.ibm.mfp.admin.ui.servlet.ServiceProxy E Exception java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while redirecting request to :443/mfpadmin/management-apis/2.0/runtimes?fullInfo=true
[11/28/16 21:02:49:759 SGT] 000000c9 com.ibm.ws.ssl.core.WSX509TrustManager E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN= was sent from the target host. The signer might need to be added to local trust store .p12, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[11/28/16 21:02:49:759 SGT] 000000c9 com.ibm.mfp.admin.ui.servlet.ServiceProxy E Received status 500 for GET https://url:443/mfpadmin/management-apis/2.0/runtimes?fullInfo=true
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
答案 0 :(得分:0)
我在Liberty信任库中添加了CA证书,它解决了问题。谢谢