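Handshake failure when using jconsole with SSL

Time: 2012-05-02 15:12:25

Tags: java ssl jconsole

I am trying to connect remotely to an application using jconsole. Without SSL, my configuration works without any problems.

I created a public key on the server I want to access: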

sudo keytool -keystore broker.ks -alias broker -genkey -keyalg RSA

Then I exported the certificate:

sudo keytool -export -alias broker -keystore broker.ks -file broker_cert.crt

On the client side I created a trust store and imported the certificate:

keytool -import -alias broker -keystore broker.ts -file broker_cert.crt

Then I start my broker on the server side as follows:

java \
-Xms1024M \
-Xmx1024M \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.password.file=/etc/activemq/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/etc/activemq/jmx.access \
-Dcom.sun.management.jmxremote \
-jar broker.jar \
-Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
-Djavax.net.ssl.keyStorePassword=password

As I mentioned, the password configuration is fine, because I can connect when jmxremote.ssl is set to false.

On the client side I then start jconsole like this:

jconsole -J-Djavax.net.ssl.trustStore=/etc/activemq/broker.ts -J-Djavax.net.ssl.trustStorePassword=password -J-Djava.util.logging.config.file=/etc/activemq/logging.properties

When I try to connect to the server, the log shows the following error:

failed to connect: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

To elaborate, my certificates are definitely set up correctly. On the server side, in /etc/activemq, I can run:

keytool -list -keystore broker.ks

and get:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

broker, 01-May-2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): 30:55:60:4A:B5:85:D0:C5:2C:E9:DD:AD:1E:92:BE:6E

On the client side, in /etc/activemq, I can type:

keytool -list -keystore broker.ks

and get:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

broker, May 3, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 30:55:60:4A:B5:85:D0:C5:2C:E9:DD:AD:1E:92:BE:6E

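As you can see, the certificate fingerprints match. Even more frustrating, when I start jconsole I can put a completely bogus path in -J-Djavax.net.ssl.trustStore=<boguspathhere> and I get exactly the same error as when I correctly put /etc/activemq/broker.ts - I would expect the log to at least tell me whether it found the trust store! Instead of just giving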

failed to connect: java.rmi.ConnectIOException: error during JRMP connection     establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

GRRRR

1 answer:

Answer 0: (score: 2)

Well, the mystery is solved, and it was my own stupidity all along:

java \
-Xms1024M \
-Xmx1024M \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.password.file=/etc/activemq/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/etc/activemq/jmx.access \
-Dcom.sun.management.jmxremote \
-jar broker.jar \
-Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
-Djavax.net.ssl.keyStorePassword=password

The last two system property arguments were ignored because -jar broker.jar came before them. To fix this, all I needed to do was write:

java \
-Xms1024M \
-Xmx1024M \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.password.file=/etc/activemq/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/etc/activemq/jmx.access \
-Dcom.sun.management.jmxremote \
-Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
-Djavax.net.ssl.keyStorePassword=password \
-jar broker.jar 

Doh!
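
The ordering mistake described in the answer above can be caught before the broker is launched. The following is an added example, not part of the original post: a small POSIX shell check that lists JVM options placed after `-jar <file>`. The function name `misplaced_jvm_opts` is hypothetical, and only the `-jar` launch form is handled.

```shell
#!/bin/sh
# Added example, not from the original post. Everything after "-jar <file>"
# is passed to the application's main() as a program argument, so a -D or -X
# option placed there never reaches the JVM.

# misplaced_jvm_opts ARG...  (hypothetical helper name)
# Prints every -D*/-X* argument found after the jar path, one per line.
# Returns 0 when none are misplaced, 1 otherwise. This is a heuristic: an
# application may legitimately accept its own arguments that start with -D.
misplaced_jvm_opts() {
    seen_jar=0    # set once "-jar" has been seen
    after_jar=0   # set once the jar path itself has been consumed
    found=0
    for arg in "$@"; do
        if [ "$after_jar" -eq 1 ]; then
            case "$arg" in
                -D*|-X*) printf '%s\n' "$arg"; found=1 ;;
            esac
        elif [ "$seen_jar" -eq 1 ]; then
            after_jar=1   # this argument is the jar path
        elif [ "$arg" = "-jar" ]; then
            seen_jar=1
        fi
    done
    return "$found"
}

# Demo on the two launch orders from the post (heap and JMX auth options
# left out to keep the lines short).
echo "keystore options after -jar:"
misplaced_jvm_opts java -Dcom.sun.management.jmxremote.port=1099 \
    -Dcom.sun.management.jmxremote \
    -jar broker.jar \
    -Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
    -Djavax.net.ssl.keyStorePassword=password \
    || echo "  -> not seen by the JVM"

echo "keystore options before -jar:"
misplaced_jvm_opts java -Dcom.sun.management.jmxremote.port=1099 \
    -Dcom.sun.management.jmxremote \
    -Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
    -Djavax.net.ssl.keyStorePassword=password \
    -jar broker.jar \
    && echo "  -> nothing misplaced"
```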