我正在使用weblogic 10.3.6,我已将应用程序A和B部署到同一个盒子中,但服务器实例不同。
两个服务器都在为SSL配置中的双向客户端证书行为选择“未请求的客户端证书”。
每当我们重新启动服务器时,它在同一天工作正常。但是,从第二天开始,当应用程序A尝试向应用程序B调用https服务器请求时,我收到以下错误。
Weblogic服务器日志跟踪:
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 455813>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <20666515 SSL Version 2 with no padding>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 SSL3/TLS MAC>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 received SSL_20_RECORD>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ClientHelloV2>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 58>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 4809>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 4>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 SSL3/TLS MAC>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 received ALERT>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 46
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@925980>
<Apr 15, 2014 10:32:34 AM SGT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from serverB- 192.168.1.XXX. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <close(): 20666515>
<Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <close(): 20666515>
答案 0 :(得分:0)
您使用apache proxy(mod_weblogic),还是直接将请求直接发送到weblogic服务器。如果第二个选项为true,则必须确保服务器上有适当的证书。一切都必须有效。
还尝试检查/取消选中&#34;使用JSSE SSL&#34;:
Domain -> Servers -> choose managed node -> Configuration -> SSL -> Advanced -> Use JSSE SSL