我需要使用CXF开发一个SOAP客户端来调用测试环境中的Web服务。我从网络服务提供商(外部机构)收到了测试.P12证书。
此证书尚未从CA发布。 我已将(仅用于测试目的)CA添加到cacerts文件中。 但是在发送消息时我收到的内容最终是这样的响应:
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: ISO-8859-1
Content-Type: text/xml
Headers: {connection=[close], content-type=[text/xml], X-Backside-Transport=[FAIL FAIL]}
Payload: <?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring>Rejected by policy. (from client)</faultstring></env:Fault></env:Body></env:Envelope>
--------------------------------------
在握手过程中,我也可以看到这一点(激活javax.net.debug = ssl 我用一些XXYY 替换了日志中的真实CA详细信息):
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<CN=CA XYZ xyz Test, OU=XXYYXX xxyy, O=xxyy, C=XX>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
我已经尝试了一些已在SO上发布的解决方案,但似乎没有什么对我有用。任何的想法?非常感谢!