SSLException错误证书

时间:2013-07-15 21:09:12

标签: java ssl certificate ubuntu-12.04 keytool

我有一个简短的分配,即扩展一个简单的Java服务器以支持Ubuntu上的SSL。

好的,首先,我这样做了:

private static SSLServerSocketFactory factory; 

private static SSLServerSocket serverSocket;



public SimpleWebServer () throws Exception {          

//dServerSocket = new ServerSocket (PORT);  

factory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

serverSocket = (SSLServerSocket)factory.createServerSocket(8081);

}                                                     



public void run() throws Exception {                 

while (true) {                                   

    /* wait for a connection from a client */

    //Socket s = dServerSocket.accept();

    SSLSocket s = (SSLSocket)serverSocket.accept();

    /* then process the client's request */

    processRequest(s);                           

}                                                

}

似乎很好,我按如下方式运行服务器:

java -Djavax.net.ssl.keyStore=com/learnsecurity/keystore.jks -Djavax.net.ssl.keyStorePassword=123456 com/learnsecurity/SimpleWebServer

然而,当我从Firefox向https://localhost:8081发送请求时,服务器用这个垃圾炸弹了我:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1796)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1039)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1574)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:705)
at sun.security.ssl.ServerHandshaker.sendChangeCipherAndFinish(ServerHandshaker.java:1297)
at sun.security.ssl.ServerHandshaker.clientFinished(ServerHandshaker.java:1257)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:244)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:978)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1223)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:838)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:94)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:282)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:324)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:176)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:153)
at java.io.BufferedReader.readLine(BufferedReader.java:316)
at java.io.BufferedReader.readLine(BufferedReader.java:379)
at com.learnsecurity.SimpleWebServer.processRequest(SimpleWebServer.java:62)
at com.learnsecurity.SimpleWebServer.run(SimpleWebServer.java:45)
at com.learnsecurity.SimpleWebServer.main(SimpleWebServer.java:178)

我按照本教程生成了证书: http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

我一直在寻找解决方案,但我没有运气。我在想,因为服务器正在运行,这与证书有关。有人能指出我正确的方向吗?

2 个答案:

答案 0 :(得分:1)

您的服务器很好,它已准备好接受来自“信任”的客户端的SSL连接,这意味着其证书在您的服务器的密钥库中可用。并且,在上述情况下,情况并非如此,因为FireFox中的证书未在服务器的密钥库中列为受信任的证书。因此,导出Firefox证书并将其作为可信证书导入服务器的密钥库中。

How to export certificates from FireFox

How to export certificates from Firefox 2

答案 1 :(得分:0)

好的,我不确定这里到底发生了什么,但我不知何故神奇地修复了它。

我想查看导致异常的原因,因此我使用processRequest()的try catch包裹SSLHandshakeException。突然间,Firefox向我大吼大叫证书是不可信的(好的迹象)。所以我从服务器添加证书,突然连接工作。我关闭Firefox并再次尝试,现在由于NullPointerException它再次被破坏。好的,所以我用NullPointerException包装我的请求解析器try catch ..现在它没有问题。我甚至没有 - 有人可以解释这种疯狂吗?

相关问题
最新问题