我已完成t3s设置和配置。现在,当我尝试拨打电话以获得低于异常时。请帮帮我们。
已尝试提及steps Enterprise Software Development with Java: WebLogic Server SSL (https/t3s) and Java Web Start
的网址以下代码包含Configuring Transport-Level Security
System.setProperty("weblogic.security.SSL.ignoreHostnameVerification","true");
System.setProperty("java.protocol.handler.pkgs", "weblogic.net");
System.setProperty("weblogic.security.TrustKeyStore","CustomTrust");
System.setProperty("weblogic.security.CustomTrustKeyStoreFileName","TRUST_STORE_LOCATION");
System.setProperty("weblogic.security.CustomTrustKeyStorePassPhrase","TRUST_STORE_PASSWORD");
System.setProperty("weblogic.security.CustomTrustKeyStoreType","JKS");
例外:
[java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
[java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
[java] <Feb 25, 2014 1:14:22 AM EST> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.>
[java]
[java] TYPE_PARAM = ERROR
[java] CODE_PARAM = null
[java] MESSAGE_PARAM = null
[java]
[java]
[java] at junit.extensions.jfunc.SALQATestCase.runBare(SALQATestCase.java:111)
[java] at junit.extensions.jfunc.SALQATestCase$1.protect(SALQATestCase.java:96)
[java] at junit.framework.TestResult.runProtected(TestResult.java:124)
[java] at junit.extensions.jfunc.SALQATestCase.run(SALQATestCase.java:99)
[java] at junit.framework.TestSuite.runTest(TestSuite.java:208)
[java] at junit.framework.TestSuite.run(TestSuite.java:203)
[java] at junit.extensions.jfunc.textui.SALQARunner.doRun(SALQARunner.java:69)
[java] at junit.extensions.jfunc.textui.SALQARunner.run(SALQARunner.java:314)
[java] Caused by: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://xxxxxxxxxx.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]
[java] at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:808)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363)
[java] at weblogic.jndi.Environment.getContext(Environment.java:319)
[java] at weblogic.jndi.Environment.getContext(Environment.java:288)
[java] at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
[java] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
[java] at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
[java] at javax.naming.InitialContext.init(InitialContext.java:223)
[java] at javax.naming.InitialContext.<init>(InitialContext.java:197)
[java]
[java] Caused by: java.net.ConnectException: t3s://xxxxxxxxxx.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
[java] at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
[java] at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)
[java] at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:165)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:342)
[java] at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
[java] at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:337)
[java] ... 21 more
[java] Caused by: java.rmi.ConnectException: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:490)
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:328)
[java] at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:267)
[java] at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:204)
[java] at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
[java] at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
在netstat下面列表。我在听音模式上看到了7002。这不正确吗?
$ netstat -tulpn | grep :7002
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 xxxxxxxxxxxxxxxxxxxxxx:7002 :::* LISTEN 25657/java
tcp 0 0 ::xxxx:127.0.0.1:7002 :::* LISTEN 25657/java
tcp 0 0 xxxx::xxxxxxxxxxxxxxxx:7002 :::* LISTEN 25657/java
tcp 0 0 ::xxxx:xx.xxx.xx.xx:7002 :::* LISTEN 25657/java
答案 0 :(得分:6)
SSL错误通常会产生误导。 SSLHandshakeException通常是证书问题(SSL连接无法验证为受信任)。
您的服务器可能已使用自签名证书进行签名,通常需要将其添加到您的cacerts密钥库以允许SSL信任它。即您需要将SSL证书从Weblogic服务器添加到JDK / JRE密钥库。请参阅此问题的答案:
如果您使用的是UNIX,则上述链接中的命令按原样运行。如果你在Windows上,你需要的所有UNIX实用程序(openssl,sed)都秘密地包含在GIT的安装中,或者你可以使用cygwin。我所要做的就是使用openssl获取证书,然后使用keytool(JDK的一部分)将其添加到我的JDK的cacerts文件中。 (%JAVA_HOME%\ JRE \ lib \ security中\ cacerts中)
注意:如果您将证书导入到〜/ .keystore,(在windows:%userprofile%.keystore上),文件仍然会失败,但您可能会遇到另外的异常:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
成功连接后,它将如下所示:
Connecting to t3s://*********:7001 with userid ********...
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Jul 23, 2014 4:00:25 PM EDT> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.>
Successfully connected to Admin Server "AdminServer" that belongs to domain "******".
关于检索和添加SSL密钥的另一篇相关文章(通过java):Java keytool easy way to add server cert from url/port
答案 1 :(得分:0)
您收到的错误不是SSLHandshake错误,它说
“java.net.ConnectException:t3s://xxxxxxxxxx.com:7002:Destination xx.xx.xx.xx,7002 unreachable”
1)检查您提供的网址。
2)在DNS端口
3)确保没有防火墙阻止请求。
4)如果管理服务器的端口为7002(假设您在域中只有1台服务器),请尝试访问https://DNS:7002/console并查看是否首先加载。