我们有一个JavaFX应用程序在https安全资源上调用我们的后端。应用程序连续对同一个URL执行数百个请求,以从服务器获取数据。
这通常没有问题,但现在我们有一个客户在连接资源时报告SSLHandshakeException问题。他可以做几百个请求就好了,下一个,客户端失败了:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.project.common.ws.client.HttpUrlConnectionRestClient.b(ProGuard:339)
at com.project.common.ws.client.HttpUrlConnectionRestClient.a(ProGuard:227)
at com.project.common.ws.client.HttpUrlConnectionRestClient.a(ProGuard:56)
at com.project.common.ws.client.HttpUrlConnectionRestClient.a(ProGuard:387)
at com.project.projects.map.client.manager.GeomanagerWorker.readGeocodingChunk(ProGuard:5640)
at com.project.projects.map.client.manager.n.readGeocodingChunk(ProGuard:4337)
at com.project.projects.map.client.manager.modules.fx.imports.b.nF(ProGuard:199)
at com.project.projects.map.client.manager.modules.fx.imports.b.call(ProGuard:174)
at javafx.concurrent.Task$TaskCallable.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Java couldn't trust Server
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
... 30 more
我们的SSL证书由GeoTrust SSL CA-G3签署,有效期至2016年12月13日。 客户客户端使用Java 1.8.0_40
我研究了不同的文章。 This有人说,这可能与证书域名区分大小写的错误有关。但是我们在证书和请求上都使用了所有小写,所以应该没问题。
This文章显示,问题可能与Java版本有关,因为"可能新的Java版本更严格地强制执行SSL CA"。 它也说,升级到最新的java版本可能会解决问题。我还没有检查这个选项,因为由于公司的IT限制,客户并不总是可以升级java版本。
更重要的是,我们需要运行Java版本1.8,如果它不能与1.8.0_40版本一起使用,那就太糟糕了。
有没有人知道,如果有这个问题的确切原因?
答案 0 :(得分:0)
我有同样的问题。我必须降级到Java 1.6才能使ASDM-IDM连接器正常工作。