我在https中使用自签名证书(在server.xml中描述)运行IBM Liberty服务器(在IBM Container上)。
我正在根据数据库需求连接到IBM cloudant数据库。一切正常,直到我将自由服务器切换到https。我得到以下除了
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
我按照此处的文档https://www.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/t_install_datastore_config_certificates.html将openssl s_client -connect cloudant.com:443 -showcerts > cloudant.cert
生成的云端证书导入自由信任库,但这并未解决问题。
感谢您的帮助。
答案 0 :(得分:1)
尝试使用:openssl s_client -connect xxxxx-bluemix.cloudant.com:443其中xxxxx-bluemix.cloudant.com是指您的Bluemix Cloudant服务实例。
您可以通过Cloudant服务实例在Bluemix中启动Cloudant仪表板来获取服务实例域。单击右上角的API选项卡。