Websphere + Tomcat:CertificateException

时间:2017-06-04 13:44:19

标签: java tomcat websphere

我在2个不同的服务器上部署了2个应用程序  应用程序在Websphere上的Tomcat和CAS(中央身份验证)上。我创建了密钥库文件,并在tomcat conf。{/ p>中的server.xml中更新了该文件

请查看以下条目。

Tomcat:

<Environment name="config/centralCasServerLoginURL" 
type="java.lang.String" value="https://localhost:9443/my-sso-web/login?
method=POST"/>
Tomcat: <Environment name="config/applicationServiceURL" 
type="java.lang.String" value="https://localhost:8443/bank-client-
web/j_spring_cas_security_check"/>*

<Connector SSLEnabled="true" clientAuth="false" 
keystoreFile="C:\tmp\newKeystore1" 
         keystorePass="password" maxThreads="200" port="8443"
         protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" 
secure="true" sslProtocol="TLS"/>*

我可以单独运行两个应用程序,但是当我在那个时间配置CASAuthentication配置文件时,我能够登录CAS,但在重定向到我的GUI应用程序URL(即https://localhost:8443/bank-client-web/j_spring_cas_security_check)后,它会抛出以下错误。

你能帮帮我吗?

SEVERE: Servlet.service() for servlet [default] in context with path [/bank-
client-web] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: 
java.security.cert.CertificateException: No name matching localhost found
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
    at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:131)
    at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:117)
    at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
Caused by: javax.net.ssl.SSLHandshakeException: 
java.security.cert.CertificateException: No name matching localhost found
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)     
Caused by: java.security.cert.CertificateException: No name matching localhost found
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
    ... 55 more

1 个答案:

答案 0 :(得分:0)

这只是您的客户端库执行严格的主机名验证,将URL中的“localhost”与WebSphere证书有效的主机进行比较。

最简单的解决方法是通过它的实际主机名而不是localhost来解决此服务器。