访问dashDB数据源时,Bluemix自由运行时握手失败

时间:2017-03-14 17:52:30

标签: ibm-cloud datasource websphere-liberty

当我尝试从DB2驱动程序深处的某个位置从自动配置的自由服务器访问dashDb时,我突然收到SSL错误消息。我已在已部署的文件中验证默认密钥库已自动配置到自由服务器中。

这里发生了什么?

 java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: 
 [ERROR   ] CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN CN=*.services.dal.bluemix.net, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US was sent from the target host.  The signer might need to be added to local trust store /home/vcap/app/wlp/usr/servers/BluemixServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig.  The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is
 [err] java.sql.SQLNonTransientException: [jcc][t4][2030][11211][4.19.49] A communication error occurred during operations on the connection's underlying socket, socket input stream, 
 or socket output stream.  Error location: Reply.fill() - socketInputStream.read (-1).  Message: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.. ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499
 [err]     at com.ibm.db2.jcc.am.kd.a(Unknown Source)

3 个答案:

答案 0 :(得分:3)

上周五dashDB发生了变化,增强了访问dashDB的应用程序密码规范的安全性要求。如果您的应用程序在上周之前工作但现在不在,您可能需要更新密码。

答案 1 :(得分:1)

请通过this link

参阅IBM技术报告

答案 2 :(得分:0)

我们可以使用以下Liberty for java buildpacks之一连接到dashDB。请尝试重新部署您的应用程序,并确保数据库URI在最后具有:sslConnection = true。

构建包

  • buildpack_liberty-for-java_v3.8-20170308-1507.zip(最新)
  • buildpack_liberty-for-java_v3.4.1-20161030-2241.zip(最旧的)