从Glassfish获取并指定.pem文件

时间:2017-02-21 17:02:44

标签: java ssl jersey certificate keystore

我可以通过指定cert.pem文件从Glassfish机器通过curl命令访问我想要的URL。

然而,在我的Java应用程序中,我尝试使用jks文件,该文件包含完全相同的信息,但是我得到了异常。

我在Java中这样做:

    System.setProperty("javax.net.ssl.keyStore", keystore_path);
    System.setProperty("javax.net.ssl.keyStorePassword", "pass123");

检索密钥库路径 
getClass().getClassLoader().getResource("/keystore.jks").getPath()

虽然我可以使用keytool实用程序查看jks文件,但我从Glassfish获得以下堆栈跟踪:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java: 141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java: 126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java: 280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 382) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java: 292) at sun.security.validator.Validator.validate(Validator.java: 260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java: 324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java: 229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: 124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 1491) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java: 216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java: 979) at sun.security.ssl.Handshaker.process_record(Handshaker.java: 914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1387) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java: 543) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java: 409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java: 177)

其中一个建议是指定进行单向握手,但我不确定如何指定。

另外,我可以在工作curl命令的情况下指定.pem文件,并且有任何收益吗?

1 个答案:

答案 0 :(得分:1)

您需要设置trustStore变量,而不是keyStore 

DataChanged

确保System.setProperty("javax.net.ssl.trustStore", keystore_path); System.setProperty("javax.net.ssl.trustStorePassword", "pass123"); 指向绝对位置。它无法从类路径

加载文件
相关问题
最新问题