由于“没有合适的协议”,无法加载带证书的Web服务

时间:2016-02-03 07:42:51

标签: java ssl ssl-certificate

我正在尝试加载一个带有ssl证书的Web服务,它说该服务器启动但是当我尝试使用这个Web服务(通过SOAPUI)时,我得到了“SSLHandshakeException”,在eclipse的日志中我看到了这个:

  

SSLv2Hello没有可用的密码套件没有可用的密码套件   SSLv3没有可用的TLSv1密码套件没有可用的密码套件   for TLSv1.1没有可用于TLSv1.2 qtp1589240253-57的密码套件,   致命错误:80:问题展开网络记录   javax.net.ssl.SSLHandshakeException:没有合适的协议   qtp1589240253-57,发送TLSv1警告:致命,描述=   internal_error qtp1589240253-57,WRITE:TLSv1 Alert,length = 2   qtp1589240253-57,名为closeOutbound()qtp1589240253-57,   closeOutboundInternal()

我试着查看jdk.tls.disabledAlgorithms =上的java.security文件, 但它已经评论了。

这是我的代码:

 String address = "https://localhost:8052/test";
     JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
     sf.setServiceClass(new testImpl().getClass());
     sf.setAddress(address);
     sf.getServiceFactory().setInvoker(new BeanInvoker(new
     testImpl()));
     SSLServerConfigUtil sSLServerConfigUtil = new SSLServerConfigUtil();
     sSLServerConfigUtil.setTrustpass("test123");
     sSLServerConfigUtil.setKeyStoreName("JKS");
     sSLServerConfigUtil.setFilePath("C:\\serverKeystore.jks");
     sSLServerConfigUtil.configureSSLOnTheServer(sf, 8052);

公共类SSLServerConfigUtil {

private String trustpass;
private String keyStoreName;
private String filePath;

public SSLServerConfigUtil() {

}

public JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port, String address) {
    try {
        TLSServerParameters tlsParams = new TLSServerParameters();
        KeyStore keyStore = KeyStore.getInstance(keyStoreName);
        String password = trustpass;
        File truststore = new File(filePath);
        keyStore.load(new FileInputStream(truststore), password.toCharArray());
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(keyStore, password.toCharArray());
        KeyManager[] km = keyFactory.getKeyManagers();
        tlsParams.setKeyManagers(km);

        truststore = new File(filePath);
        keyStore.load(new FileInputStream(truststore), password.toCharArray());
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory
                .getDefaultAlgorithm());
        trustFactory.init(keyStore);
        TrustManager[] tm = trustFactory.getTrustManagers();
        tlsParams.setTrustManagers(tm);

        FiltersType filter = new FiltersType();
        filter.getInclude().add(".*_EXPORT_.*");
        filter.getInclude().add(".*_EXPORT1024_.*");
        filter.getInclude().add(".*_WITH_DES_.*");
        filter.getInclude().add(".*_WITH_NULL_.*");
        filter.getExclude().add(".*_DH_anon_.*");
        filter.getInclude().add(".*_CBC_*");
        filter.getInclude().add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");

        tlsParams.setCipherSuitesFilter(filter);

        ClientAuthentication ca = new ClientAuthentication();
        ca.setRequired(true);
        ca.setWant(true);
        tlsParams.setClientAuthentication(ca);

        JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
        factory.setTLSServerParametersForPort(port, tlsParams);

    }
    catch (KeyStoreException kse) {
        System.out.println("Security configuration failed with the following: " + kse.getCause());
    }
    catch (NoSuchAlgorithmException nsa) {
        System.out.println("Security configuration failed with the following: " + nsa.getCause());
    }
    catch (FileNotFoundException fnfe) {
        System.out.println("Security configuration failed with the following: " + fnfe.getCause());
    }
    catch (UnrecoverableKeyException uke) {
        System.out.println("Security configuration failed with the following: " + uke.getCause());
    }
    catch (CertificateException ce) {
        System.out.println("Security configuration failed with the following: " + ce.getCause());
    }
    catch (GeneralSecurityException gse) {
        System.out.println("Security configuration failed with the following: " + gse.getCause());
    }
    catch (IOException ioe) {
        System.out.println("Security configuration failed with the following: " + ioe.getCause());
    }

    return sf;
}

public String getTrustpass() {
    return trustpass;
}

public void setTrustpass(String trustpass) {
    this.trustpass = trustpass;
}

public String getKeyStoreName() {
    return keyStoreName;
}

public void setKeyStoreName(String keyStoreName) {
    this.keyStoreName = keyStoreName;
}

public String getFilePath() {
    return filePath;
}

public void setFilePath(String filePath) {
    this.filePath = filePath;
}

}

服务器启动时的日志:

> found key for : myserverkey
chain [0] = [
[
  Version: V3
  Subject: CN=localhost
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  Sun DSA Public Key
    Parameters:DSA
    p:     fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
    455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
    6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
    83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
    q:     9760508f 15230bcc b292b982 a2eb840b f0581cf5
    g:     f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
    5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
    3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
    cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a

  y:
    7dbaa1be 67511718 1d35eee7 6d52a7ef a204f2e4 2d0716cc 63671fac 1f094701
    91f30d6d aa79efcd c7f3c076 27f16ff3 fe1e236c 06f7de90 13f7108e 54a25487
    f40b1619 bbaf0a3a e2be9303 a458da35 8f1d5a42 5ded9e1e b55396e9 33668c46
    03edd8db 49081077 3dbcd226 69f1a537 8edaa51f d6e9701f bee09df9 46cad1f3

  Validity: [From: Thu Jan 28 08:45:23 GMT+02:00 2016,
               To: Sat Jan 27 08:45:23 GMT+02:00 2018]
  Issuer: CN=localhost
  SerialNumber: [    7879d2f7]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B6 FA 45 5C B0 4F 56 0B   E2 FB E3 D4 AA 90 69 0E  ..E\.OV.......i.
0010: CE 07 54 09                                        ..T.
]
]

]
  Algorithm: [SHA1withDSA]
  Signature:
0000: 30 2D 02 15 00 8E AA 9B   A8 BD 67 F4 A3 2B 66 4C  0-........g..+fL
0010: 56 12 81 51 57 08 1C 74   4C 02 14 08 F9 C5 12 0C  V..QW..tL.......
0020: 5A 3D BC 1C 5F CB D1 E9   D7 E3 01 89 36 24 4B     Z=.._.......6$K

]
***
adding as trusted cert:
  Subject: CN=localhost
  Issuer:  CN=localhost
  Algorithm: DSA; Serial number: 0x7879d2f7
  Valid from Thu Jan 28 08:45:23 GMT+02:00 2016 until Sat Jan 27 08:45:23 GMT+02:00 2018

Feb 03, 2016 8:56:33 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service 
Feb 03, 2016 8:56:34 AM org.apache.cxf.endpoint.ServerImpl initDestination
INFO: Setting the server's publish address to be https://localhost:8052/test
Feb 03, 2016 8:58:26 AM org.eclipse.jetty.server.Server doStart
INFO: jetty-7.5.4.v20111024
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Feb 03, 2016 8:59:13 AM org.eclipse.jetty.server.AbstractConnector doStart
INFO: Started CXFJettySslSocketConnector@0.0.0.0:8052 STARTING
Feb 03, 2016 8:59:17 AM org.eclipse.jetty.server.handler.ContextHandler startContext
INFO: started o.e.j.s.h.ContextHandler{,null}
Feb 03, 2016 8:59:18 AM com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.0.3 (FCS b03) for context '/OnInterfaces'
Feb 03, 2016 8:59:19 AM com.sun.faces.spi.InjectionProviderFactory createInstance
INFO: JSF1048: PostConstruct/PreDestroy annotations present.  ManagedBeans methods marked with these annotations will have said annotations processed.
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Feb 03, 2016 8:59:19 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 387136 ms

任何人都可以帮忙吗? 提前谢谢!!

1 个答案:

答案 0 :(得分:0)

尝试添加从Java网站http://www.oracle.com/technetwork/es/java/javase/downloads/jce-7-download-432124.html下载的Java Criptography Extension jar文件(这是JAVA7,您应该下载所需的文件)到JAVA_HOME / jre / security / lib文件夹。 让我们知道!此致

**编辑:使用InstallCert。 1.下载并编译。 2.编辑运行配置,添加程序参数,这样:host:port passphrase(通常这个传递是" changeit") 3.使用该配置运行它。 4. Installcert创建信任库的副本,并将服务器中的证书添加到其中。 5.重命名" jssecacerts"到cacerts,并在java> jre> security> lib中替换原始cacerts文件 6.然后尝试连接到您的服务器