从spring-boot app调用SSL端点

时间:2016-08-02 00:31:58

标签: ssl spring-security https spring-boot truststore

我有一个spring-boot内部网webapp,因为它在公司内部使用,所以不需要ssl安全。

该应用调用外部https端点。要调用https端点,我使用InstallCert.java生成新的信任存储,并使用此处显示的过程导入调用https URL所需的证书。

https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

执行> java InstallCert hosturl生成jssecacerts信任库并导入证书

我有以下作为我的application.proeprties

 server.port: 8080
 server.contextPath=/mpservice
 management.port: 9001
 management.address: 127.0.0.1
 logging.file=mpservice.log
 logging.level.root=INFO
 logging.level.org.springframework.web=DEBUG

 server.ssl.key-store=C:/Users/cho4157/Downloads/InstallCert/jssecacerts
 server.ssl.key-store-password=changeit
 server.ssl.client-auth=need
 server.ssl.trust-store=C:/Users/cho4157/Downloads/InstallCert/jssecacerts
 server.ssl.trust-store-password=changeit

tomcat服务器启动正常,因为日志显示在下面但是当我点击端点时,浏览器说localhost没有发送任何数据。

 2016-08-01 19:18:20.968  INFO 16944 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001 (https)
    2016-08-01 19:18:20.970 DEBUG 16944 --- [main] o.s.w.c.s.StandardServletEnvironment     : Adding [server.ports] PropertySource with highest search precedence
    2016-08-01 19:18:20.970 DEBUG 16944 --- [main] o.s.w.c.s.StandardServletEnvironment     : Adding [server.ports] PropertySource with highest search precedence
    2016-08-01 19:18:20.976  INFO 16944 --- [main] o.s.c.support.DefaultLifecycleProcessor  : Starting beans in phase 0
    2016-08-01 19:18:21.418  INFO 16944 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (https)

当我在application.properties中注释掉server.ssl。*属性时,一切正常,除了发布到https端点,它会按预期抛出以下异常。任何建议都非常感谢。

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:80)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:596)
    ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 29 more

我也尝试过设置以下系统属性

static
    {
        System.setProperty("javax.net.ssl.trustStore","C:\\Users\\jojo\\Downloads\\InstallCert\\jssecacerts");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        System.setProperty("javax.net.ssl.keyStore", "C:\\Users\\jojo\\Downloads\\InstallCert\\jssecacerts");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");            
    }

即使使用上面的代码,我也得到了javax.net.ssl.SSLHandshakeException:

我一直试图让这个配置在过去两天工作,但收效甚微。请帮忙。

0 个答案:

没有答案