当我尝试从DB2驱动程序深处的某个位置从自动配置的自由服务器访问dashDb时,我突然收到SSL错误消息。我已在已部署的文件中验证默认密钥库已自动配置到自由服务器中。
这里发生了什么?
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.services.dal.bluemix.net, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US was sent from the target host. The signer might need to be added to local trust store /home/vcap/app/wlp/usr/servers/BluemixServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is
[err] java.sql.SQLNonTransientException: [jcc][t4][2030][11211][4.19.49] A communication error occurred during operations on the connection's underlying socket, socket input stream,
or socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.. ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499
[err] at com.ibm.db2.jcc.am.kd.a(Unknown Source)
答案 0 :(得分:3)
上周五dashDB发生了变化,增强了访问dashDB的应用程序密码规范的安全性要求。如果您的应用程序在上周之前工作但现在不在,您可能需要更新密码。
答案 1 :(得分:1)
请通过this link
参阅IBM技术报告答案 2 :(得分:0)
我们可以使用以下Liberty for java buildpacks之一连接到dashDB。请尝试重新部署您的应用程序,并确保数据库URI在最后具有:sslConnection = true。
构建包