我正在尝试使用ssl密钥库连接到另一台计算机上的MBean Server但是我看到了这个错误。我在另一台服务器上也有一个密钥库和信任库。我还注意到两台机器都有不同的java版本。我不确定这是不是问题,或者我是否遗漏了什么。
java.rmi.ConnectIOException: Exception creating connection to: 10.1.7.259; nested exception is:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:631)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:130)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2432)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
at com.stop.monitor.giab.JMXListenerClient.connect(JMXListenerClient.java:153)
at com.stop.monitor.giab.JMXListenerClient.main(JMXListenerClient.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:262)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:121)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 9 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1617)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
at javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:207)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:117)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
at sun.rmi.transport.DGCImpl_Stub.dirty(Unknown Source)
at sun.rmi.transport.DGCClient$EndpointEntry.makeDirtyCall(DGCClient.java:361)
at sun.rmi.transport.DGCClient$EndpointEntry.registerRefs(DGCClient.java:303)
at sun.rmi.transport.DGCClient.registerRefs(DGCClient.java:139)
at sun.rmi.transport.ConnectionInputStream.registerRefs(ConnectionInputStream.java:94)
at sun.rmi.transport.StreamRemoteCall.releaseInputStream(StreamRemoteCall.java:157)
at sun.rmi.transport.StreamRemoteCall.done(StreamRemoteCall.java:313)
at sun.rmi.server.UnicastRef.done(UnicastRef.java:451)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:118)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:205)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1957)
at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1924)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:287)
... 3 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(SSLContextImpl.java:767)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:733)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at java.security.Provider$Service.newInstance(Provider.java:1595)
... 29 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 39 more
答案 0 :(得分:0)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
来自TrustManagerFactoryImpl
来自SSLContextImpl$DefaultSSLContext.getDefaultTrustManager
使用密码执行keytool -list ,确保您的信任库有效(请勿点击返回以绕过它)。我不认为在JKS中创建 trustedcert 条目是不可能的,这些条目在Java版本之间是不兼容的(在某些情况下是 privatekey 条目)但是在安全的条件下一方使用有问题的客户端使用的JRE的keytool - 当然还有相同的文件。
确保系统属性javax.net.ssl.trustStore具有文件名(如果不是默认值,JRE / lib / security / [jsse] cacerts)并且javax.net.ssl.trustStorePassword具有正确的密码(始终)。
此外,如果信任库格式不是JKS(或最新的Java 8 JRE中的PKCS12,其默认值为keystore.type.compat),请指定javax.net.ssl.trustStoreType。但是那些知道如何创建像这样的不寻常商店的人不会问你的问题。
答案 1 :(得分:0)
问题是防火墙的问题。这是因为用于连接的url没有指定第二个端口。所以,它只使用了一个随机端口。
//did not use second port. resulted in using random second port
String url = "service:jmx:rmi://somehost:9010/jndi/rmi://somehost/jmxrmi";
final JMXConnector jmxConnector = JMXConnectorFactory.connect(url);
//this worked because now we are using 1 port
String url="service:jmx:rmi://somehost:9010/jndi/rmi://somehost:9010/jmxrmi";
final JMXConnector jmxConnector = JMXConnectorFactory.connect(url);