IBM Liberty和Cloudant之间的SSL握手失败

时间:2016-07-11 18:30:26

标签: ssl ssl-certificate ibm-cloud websphere-liberty cloudant

我在https中使用自签名证书(在server.xml中描述)运行IBM Liberty服务器(在IBM Container上)。

我正在根据数据库需求连接到IBM cloudant数据库。一切正常,直到我将自由服务器切换到https。我得到以下除了

[ERROR   ] CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host.  The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error

我按照此处的文档https://www.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/t_install_datastore_config_certificates.htmlopenssl s_client -connect cloudant.com:443 -showcerts > cloudant.cert生成的云端证书导入自由信任库,但这并未解决问题。

感谢您的帮助。

1 个答案:

答案 0 :(得分:1)

尝试使用:openssl s_client -connect xxxxx-bluemix.cloudant.com:443其中xxxxx-bluemix.cloudant.com是指您的Bluemix Cloudant服务实例。

您可以通过Cloudant服务实例在Bluemix中启动Cloudant仪表板来获取服务实例域。单击右上角的API选项卡。