我们已部署了WSO2 API Manager来公开系统的API。当我们发布带有https目标端点的API(例如:https://abc.d.e :)时,请求失败并出现以下异常。
TID: [-1234] [] [2017-06-26 06:46:43,226] ERROR {org.wso2.carbon.apimgt.hostobje
cts.APIProviderHostObject} - Error occurred while connecting to backend : https
://list-micro.aws.na.sysco.net:9090, reason : sun.security.validator.ValidatorEx
ception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBu
ilderException: unable to find valid certification path to requested target {org
.wso2.carbon.apimgt.hostobjects.APIProviderHostObject}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce
ption: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
答案 0 :(得分:0)
Wso2 / Carbon使用Java 8 ..请记住,显然SSL客户端不能很好地解析SNI,这是一个问题。因此,如果您在1个IP地址上使用多个证书,则可能是这样:
http://javabreaks.blogspot.com/2015/12/java-ssl-handshake-with-server-name.html