我正在尝试建立SSL连接。我的密钥库,服务器和客户端都有两个证书。证书将在ssl连接的开头添加。
adding as trusted cert:
Subject: CN=Obafemi Omotayo Temitope, OU=Software Development, O=AEDC, L=Wuse,
ST=Abuja, C=NG
Issuer: CN=Obafemi Omotayo Temitope, OU=Software Development, O=AEDC, L=Wuse,
ST=Abuja, C=NG
Algorithm: RSA; Serial number: 0x3fc060e2
Valid from Thu Feb 23 13:08:19 WAT 2017 until Fri Jul 01 13:08:19 WAT 2044
adding as trusted cert:
Subject: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
Issuer: CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA
Algorithm: DSA; Serial number: 0x31d201e4
Valid from Tue Feb 14 08:22:37 WAT 2017 until Fri Feb 12 08:22:37 WAT 2027
当服务器要求我的客户端提供其证书及其所需的证书类型时,它指定了这一点。
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA,
SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA,
SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<CN=Obafemi Omotayo Temitope, OU=Software Development, O=AEDC, L=Wuse, ST=Abuja,
C=NG>
<CN=Asif Hassan, OU=TSS, O=ONtec, L=CPT, ST=WP, C=ZA>
但是仍然没有找到合适的证书。
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authenticatio
n
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, DH
DH Public key: { 210, 185, 215, 1, 166, 65, 189, 42, 115, 29, 19, 11, 177, 116,
250, 113, 141, 75, 49, 88, 30, 109, 9, 117, 75, 218, 128, 18, 34, 225, 165, 31,
171, 4, 236, 76, 171, 189, 42, 20, 90, 143, 60, 116, 42, 170, 90, 152, 161, 88,
36, 93, 208, 16, 25, 35, 172, 219, 6, 220, 123, 48, 156, 227, 164, 115, 95, 17,
31, 133, 110, 51, 211, 101, 59, 59, 158, 205, 18, 103, 146, 228, 165, 135, 79,
58, 204, 23, 24, 236, 121, 82, 169, 39, 28, 114, 108, 208, 124, 10, 4, 222, 222,
98, 214, 213, 54, 143, 79, 190, 237, 147, 240, 180, 162, 93, 248, 39, 102, 79,
185, 155, 217, 160, 9, 248, 219, 178 }
main, WRITE: TLSv1.2 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 5C 16 85 E1 0D A0 B0 0E 0C F7 DD FE C5 17 6D DD \.............m.
0010: 96 3B 22 CC 64 40 BA 06 BE 74 AC 4F 24 D8 0D 4D .;".d@...t.O$..M
0020: 2D 20 B5 32 5E AF 14 C2 93 54 9D 20 F7 0F 35 8B - .2^....T. ..5.
0030: 6C D7 83 77 6B 68 DA 57 2B B8 0E 4F F1 2A 1D 2A l..wkh.W+..O.*.*
0040: 5D 28 D8 CC D6 66 DB 30 0A D2 1D 12 CB EB A4 5B ](...f.0.......[
0050: 6D F5 BD FC A9 01 C1 18 20 7A 57 93 38 7B 7A 71 m....... zW.8.zq
0060: 82 3F 97 9B 4C 32 E8 DF C2 BA 7E AF CF 8E FA 9C .?..L2..........
0070: 8E EF 75 8E 69 89 AF 47 63 03 DD 93 DE 58 BB D2 ..u.i..Gc....X..
CONNECTION KEYGEN:
Client Nonce:
0000: 58 AF F6 30 4A 8C BC C8 BC CD 53 C3 3C 42 23 A2 X..0J.....S.<B#.
0010: 32 85 88 E3 98 AF 65 A6 13 37 05 1A 24 BE 70 E1 2.....e..7..$.p.
Server Nonce:
0000: 58 AF F6 3B 67 B4 16 77 98 F0 F7 C6 92 6B 98 93 X..;g..w.....k..
0010: 9B A6 58 3B C8 DA FB 6E 6D E3 7B E7 EB DD 99 6A ..X;...nm......j
Master Secret:
0000: 3E 72 1C 51 A0 3E 8E 56 4E 6C 98 78 EC 00 56 F5 >r.Q.>.VNl.x..V.
0010: 5B 48 D1 A2 68 A4 30 7B 00 3A 05 E7 51 01 34 05 [H..h.0..:..Q.4.
0020: 95 89 F2 B0 EE 5B AC 93 0C 9A 80 83 B6 96 10 2B .....[.........+
Client MAC write Secret:
0000: 0C 58 F3 BF DF 6F 7A 13 1A C1 E8 8E 14 6D A0 9E .X...oz......m..
0010: 8D D9 36 32 DA 47 CC 4E AB AB 5C 78 DF 8E 46 35 ..62.G.N..\x..F5
Server MAC write Secret:
0000: 85 5F B7 FB 27 05 7C 06 07 2F 94 D5 24 43 E3 5C ._..'..../..$C.\
0010: AD FE FA D2 4E A6 57 C4 66 6A 9E 4C 67 87 A4 56 ....N.W.fj.Lg..V
Client write key:
0000: 05 69 E4 FA 23 D8 84 57 33 A8 C2 A7 95 A8 E7 08 .i..#..W3.......
Server write key:
0000: 82 1B B3 00 63 47 97 A7 88 C1 4A 79 12 AE 2F 85 ....cG....Jy../.
... no IV derived for this protocol
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 91, 43, 28, 71, 119, 99, 55, 53, 239, 0, 198, 192 }
***
main, WRITE: TLSv1.2 Handshake, length = 80
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, bad_certificate
%% Invalidated: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal al
ert: bad_certificate
<Empty>
***
我真的不知道为什么会这样,而且真的很令人沮丧。有人能帮助我吗?...我已经在这几个月了。