Path does not chain with any of the trust anchors when using a custom jks file

Time: 2016-11-10 04:42:04

Tags: java security ssl sslhandshakeexception

2016-11-05T18:34:42.381+0530|Severe: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at com.oracle.iot.client.impl.http.HttpClient$Transport.invokeMethod(HttpClient.java:114)
    at com.oracle.iot.client.impl.http.HttpClient.post(HttpClient.java:175)
    at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.postRenewAccessToken(HttpSecureConnectionImpl.java:318)
    at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.renewAccessToken(HttpSecureConnectionImpl.java:343)
    at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.invoke(HttpSecureConnectionImpl.java:131)
    at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.get(HttpSecureConnectionImpl.java:75)
    at com.oracle.iot.client.impl.DeviceModelFactory.getObject(DeviceModelFactory.java:204)
    at com.oracle.iot.client.impl.DeviceModelFactory.getDeviceModel(DeviceModelFactory.java:151)
    at com.oracle.iot.client.impl.DeviceModelFactory.getDeviceModel(DeviceModelFactory.java:76)
    at com.oracle.iot.client.device.DirectlyConnectedDevice.getDeviceModel(DirectlyConnectedDevice.java:328)
    at oracle.iot.client.device.DirectlyConnectedDevice.getDeviceModel(DirectlyConnectedDevice.java:214)
    at com.smartcommunity.parking.GatewayAdapter.init(GatewayAdapter.java:94)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1583)
    at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:1212)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:237)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:416)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:283)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:206)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:180)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
    at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl$2.checkServerTrusted(HttpSecureConnectionImpl.java:268)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 53 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:153)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
    at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl$2.checkServerTrusted(HttpSecureConnectionImpl.java:264)
    ... 55 more

Created a .key and a .crt file with the CN set to iotserver, and added an entry for 10.203.139.103 iotserver in /etc/hosts/.

Steps performed:

  • Created a .key file on the server, i.e. machine 10.203.139.103
openssl genrsa -des3 -out apache.key 2048 [passphrase: changeit]
     

  • Created the .crt using the key
openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout apache.key -out apache.crt -days

 Country Name (2 letter code) [XX]:23

 State or Province Name (full name) []:abc

 Locality Name (eg, city) [Default City]:abc

 Organization Name (eg, company) [Default Company Ltd]:xyz

 Organizational Unit Name (eg, section) []:xyz

 Common Name (eg, your name or your server's hostname) []:iotserver

 Email Address []:email@email.com
  • Go to /usr/java/latest/jre/lib/security and import the .crt file into cacerts
keytool -import -alias ca -file /etc/httpd/ssl/apache.crt -keystore cacerts -storepass
  • Restart the httpd service -
      

    service httpd restart

On my device side, added an entry in /etc/hosts/
  

10.203.139.103 iotserver

Executed the following to check the new certificate created on the server:

  

openssl s_client -connect iotserver:443

This shows the certificate that I created on the cloud instance [created above].

Now executed the following to download the certificate chain:

  

openssl s_client -host -port 443 -showcerts> /scratch/iot/apache_cert_chain.crt

Went to /usr/java/latest/jre/lib/security and executed the following to import the certificate chain:

  

keytool -import -alias ca -file /scratch/iot/apache_cert_chain.crt -keystore cacerts -storepass changeit

Restarted the httpd service. But for connecting through the device, I am creating a .jks file using the URI provided above, and it fails with the error

  

SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

0 answers:

No answers
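
The stack trace above shows the exception raised from the client's own checkServerTrusted, which calls CertPathValidator directly. As an added example (not part of the original post and not Oracle IoT library code), this Java program repeats that PKIX check offline against a JKS file and a PEM chain so the anchors and the chain can be compared; the class name and the three command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;
// Added example: java TrustAnchorCheck <store.jks> <storepass> <chain.pem>
public class TrustAnchorCheck {
    public static void main(String[] args) throws Exception {
        // Assumption: the trust store under test is a JKS file.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        PKIXParameters params;
        try {
            // Only trusted-certificate entries in the store become trust anchors.
            params = new PKIXParameters(ks);
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: store has no trusted certificate entries");
            return;
        }
        params.setRevocationEnabled(false); // isolate the chaining check
        for (TrustAnchor a : params.getTrustAnchors()) {
            System.out.println("anchor: " + a.getTrustedCert().getSubjectX500Principal());
        }
        // Assumption: chain.pem holds PEM certificates, server certificate first.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("chain: " + x.getSubjectX500Principal() + " <- " + x.getIssuerX500Principal());
                chain.add(x);
            }
        }
        if (chain.isEmpty()) {
            System.out.println("FAIL: no certificates found in " + args[2]);
            return;
        }
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("OK: chain validates against " + args[0]);
        } catch (CertPathValidatorException e) {
            System.out.println("FAIL: " + e.getMessage() + " (" + e.getReason() + ")");
        }
    }
}
```

If no printed anchor subject matches the issuer of the last certificate in the chain, validation fails with the same message as in the trace.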