我有一个spring-boot内部网webapp,因为它在公司内部使用,所以不需要ssl安全。
该应用调用外部https端点。要调用https端点,我使用InstallCert.java生成新的信任存储,并使用此处显示的过程导入调用https URL所需的证书。
执行> java InstallCert hosturl生成jssecacerts信任库并导入证书
我有以下作为我的application.proeprties
server.port: 8080
server.contextPath=/mpservice
management.port: 9001
management.address: 127.0.0.1
logging.file=mpservice.log
logging.level.root=INFO
logging.level.org.springframework.web=DEBUG
server.ssl.key-store=C:/Users/cho4157/Downloads/InstallCert/jssecacerts
server.ssl.key-store-password=changeit
server.ssl.client-auth=need
server.ssl.trust-store=C:/Users/cho4157/Downloads/InstallCert/jssecacerts
server.ssl.trust-store-password=changeit
tomcat服务器启动正常,因为日志显示在下面但是当我点击端点时,浏览器说localhost没有发送任何数据。
2016-08-01 19:18:20.968 INFO 16944 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001 (https)
2016-08-01 19:18:20.970 DEBUG 16944 --- [main] o.s.w.c.s.StandardServletEnvironment : Adding [server.ports] PropertySource with highest search precedence
2016-08-01 19:18:20.970 DEBUG 16944 --- [main] o.s.w.c.s.StandardServletEnvironment : Adding [server.ports] PropertySource with highest search precedence
2016-08-01 19:18:20.976 INFO 16944 --- [main] o.s.c.support.DefaultLifecycleProcessor : Starting beans in phase 0
2016-08-01 19:18:21.418 INFO 16944 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (https)
当我在application.properties中注释掉server.ssl。*属性时,一切正常,除了发布到https端点,它会按预期抛出以下异常。任何建议都非常感谢。
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:80)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:596)
... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 29 more
我也尝试过设置以下系统属性
static
{
System.setProperty("javax.net.ssl.trustStore","C:\\Users\\jojo\\Downloads\\InstallCert\\jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStore", "C:\\Users\\jojo\\Downloads\\InstallCert\\jssecacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
}
即使使用上面的代码,我也得到了javax.net.ssl.SSLHandshakeException:
我一直试图让这个配置在过去两天工作,但收效甚微。请帮忙。