我在linux上运行jetty,并使用ssl。我有一个自签名证书,一切正常,在浏览器中;我只需要告诉浏览器信任证书,因为它来自不受信任的来源。但是,如果我尝试从我的Web应用程序访问链接(如图像; https://www.xxxx.com/pictures/picture.jpg),它会给我一个错误:
07/16 08:14:28.708 WARN [log] () EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:631)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)
我认为我需要让客户信任自签名证书。我试过这个:
使用keytool为代理创建证书:
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
导出经纪人的证书,以便与客户共享:
keytool -export -alias broker -keystore broker.ks -file broker_cert
为客户创建证书/密钥库:
keytool -genkey -alias client -keyalg RSA -keystore client.ks
为客户创建信任库,并导入代理的证书:
keytool -import -alias broker -keystore client.ts -file broker_cert
当我启动Jetty时,我将这些包括在内:
javax.net.ssl.keyStore = /路径/到/ client.ks
javax.net.ssl.keyStorePassword =密码
javax.net.ssl.trustStore中= /路径/到/ client.ts
我确保jetty使用我通过浏览器生成的证书。我错过了什么?
答案 0 :(得分:0)
购买了服务器的证书,解决了这个问题。