Unable to find a trusted certificate. As a result: SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

Time: 2017-11-06 10:43:09

Tags: java ssl spring-boot https tls1.2

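There are client and server modules. Both modules are deployed in embedded Tomcat containers on ports 443 and 8443 (https). For each module, the following example configuration is specified (in the spring-boot application-https.properties):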

#client
server.port=443
server.ssl.key-store=classpath:client-keystore.jks
server.ssl.key-store-password=client-keystore-pass
server.ssl.key-password=client-key-pass
server.ssl.trust-store=classpath:client-truststore.jks
server.ssl.trust-store-password=client-truststore-pass

#server
server.port=8443
server.ssl.key-store=classpath:server-keystore.jks
server.ssl.key-store-password=server-keystore-pass
server.ssl.key-password=server-key-pass
server.ssl.trust-store=classpath:server-truststore.jks
server.ssl.trust-store-password=server-truststore-pass

The keystores and certificates were generated as follows:

keytool -genkeypair -alias server-keypair -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=server,O=example.com" -keypass server-key-pass -keystore server-keystore.jks -storepass server-keystore-pass -ext san=dns:localhost
keytool -exportcert -alias server-keypair -file server-public-key.cer -keystore server-keystore.jks -storepass server-keystore-pass
keytool -importcert -keystore client-truststore.jks -alias server-public-key -file server-public-key.cer -storepass client-truststore-pass -noprompt
keytool -genkeypair -alias client-keypair -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=client,O=example.com" -keypass client-key-pass -keystore client-keystore.jks -storepass client-keystore-pass -ext san=dns:localhost
keytool -exportcert -alias client-keypair -file client-public-key.cer -keystore client-keystore.jks -storepass client-keystore-pass
keytool -importcert -keystore server-truststore.jks -alias client-public-key -file client-public-key.cer -storepass server-truststore-pass -noprompt

The client tries to access the server method '/ping' but fails:

  

I/O error on GET request for "https://localhost:8443/ping": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I think the problem is that it cannot find the corresponding trusted certificate. See the client and server logs.

Snippet of the client log:



*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1492968872 bytes = { 122, 185, 155, 157, 162, 122, 13, 22, 130, 69, 5, 212, 104, 156, 236, 21, 7, 5, 10, 118, 225, 119, 204, 197, 119, 71, 218, 51 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
main, WRITE: TLSv1.2 Handshake, length = 161
main, READ: TLSv1.2 Handshake, length = 1203
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1492968872 bytes = { 67, 233, 215, 38, 120, 118, 20, 192, 136, 203, 117, 93, 119, 58, 154, 49, 182, 103, 0, 120, 195, 147, 38, 22, 174, 224, 117, 60 }
Session ID:  {89, 253, 230, 168, 47, 236, 148, 163, 4, 86, 231, 18, 116, 107, 249, 240, 36, 144, 228, 219, 71, 77, 15, 66, 190, 167, 13, 226, 95, 238, 183, 143}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=server, O=example.com
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16395633118756910027307786059594003602424782222606565910337550060908536298801174254632657544879537262094461451346219502757033857307571844657739767071036889717826387604089928884679390329877033966916175374004613622786740797504438976382866577264443059096891472723014174538058226555331443341009455479083583931320725095623525897039749701781104729471039035076119274189413857721785010757543567230018443782297097827183111043265398765503566151229256856786723441081439208963102430925580594555422331624337325788268369166029643139661336445322824913420707315576933941674401285439027030973786186023857115674616086965563274612260461
  public exponent: 65537
  Validity: [From: Sat Nov 04 16:57:14 2017,
               To: Tue Nov 02 16:57:14 2027]
  Issuer: CN=server, O=example.com
  SerialNumber: [    40eb7950]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: localhost
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F7 3F E9 03 D7 A4 AA C7   65 E8 CD 6D AB 70 FF F0  .?......e..m.p..
0010: EA E6 2F F0                                        ../.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 34 BA 11 06 65 17 04 C2   5B 04 86 07 6C F1 92 F0  4...e...[...l...
0010: 4B F6 17 37 7E F8 47 1C   75 19 CF 75 22 10 82 4C  K..7..G.u..u"..L
0020: 83 35 A2 46 CC 1D 3A 92   98 27 8F 31 FC 85 F1 D2  .5.F..:..'.1....
0030: FC C2 20 27 C4 29 0F BE   2E 2F F1 0A 84 9F 9A 03  .. '.).../......
0040: 76 14 DD FB 6D E6 B6 AA   E4 1D 50 0E 18 A3 E7 19  v...m.....P.....
0050: 0F 10 1F 26 A7 92 FE 37   71 28 0C 4C 75 BC AF E0  ...&...7q(.Lu...
0060: F8 8A 42 87 EF 7E 01 25   F1 C7 40 8B AB F5 1C 4D  ..B....%..@....M
0070: AD AF 29 4C C4 71 8C 15   49 D6 E9 63 25 4D 92 49  ..)L.q..I..c%M.I
0080: 65 FC DD AA 41 1A F9 CB   01 DC D7 39 BD 67 5B CB  e...A......9.g[.
0090: BA FD 7E 3D 9D E2 DF 2D   C6 B8 C2 5A 3A 5C 06 ED  ...=...-...Z:\..
00A0: FC 86 1C 29 19 B8 2E A4   36 7C B0 09 67 A4 5E A2  ...)....6...g.^.
00B0: 31 7B C5 B7 E1 EC B3 4C   17 EE AE 0D B7 CF B0 67  1......L.......g
00C0: 3D C4 7F 1D D3 C1 C0 0C   42 8B 1A BC C6 71 5D A2  =.......B....q].
00D0: AF 12 54 F0 B2 23 E4 49   16 C3 1A 7A 62 C5 65 AE  ..T..#.I...zb.e.
00E0: B3 D3 D6 BF ED F1 D6 65   FA 70 96 BC 9A 1F 48 2B  .......e.p....H+
00F0: 71 49 6B 33 31 05 FF EF   38 26 4A BB C4 80 8F 58  qIk31...8&J....X

]
***
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
main, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2017-11-04 19:11:20.818  INFO 1000 --- [           main] utoConfigurationReportLoggingInitializer :

Error starting ApplicationContext. To display the auto-configuration report re-run your application with 'debug' enabled.
2017-11-04 19:11:20.859 ERROR 1000 --- [           main] o.s.boot.SpringApplication               : Application startup failed

java.lang.IllegalStateException: Failed to execute CommandLineRunner
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:735) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:716) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        at org.springframework.boot.SpringApplication.afterRefresh(SpringApplication.java:703) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:304) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        at com.example.client.ClientApplication.main(ClientApplication.java:36) [classes!/:0.0.1-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_144]
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_144]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_144]
        at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_144]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [client-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [client-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [client-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [client-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://localhost:8443/ping": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:666) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:312) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        at com.example.client.ClientApplication.pingServer(ClientApplication.java:42) [classes!/:0.0.1-SNAPSHOT]
        at com.example.client.ClientApplication.run(ClientApplication.java:30) [classes!/:0.0.1-SNAPSHOT]
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:732) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
        ... 14 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_144]
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) ~[na:1.8.0_144]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) ~[na:1.8.0_144]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) ~[na:1.8.0_144]
        at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:78) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:652) ~[spring-web-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
        ... 19 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_144]
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_144]
        at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_144]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_144]
        ... 34 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_144]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_144]
        at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_144]
        ... 40 common frames omitted

2017-11-04 19:11:20.863  INFO 1000 --- [           main] ationConfigEmbeddedWebApplicationContext : Closing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@6d21714c: startup date [Sat Nov 04 19:11:15 2017]; root of context hierarchy
2017-11-04 19:11:20.871  INFO 1000 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Unregistering JMX-exposed beans on shutdown

Snippet of the server log:

*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1492968872 bytes = { 122, 185, 155, 157, 162, 122, 13, 22, 130, 69, 5, 212, 104, 156, 236, 21, 7, 5, 10, 118, 225, 119, 204, 197, 119, 71, 218, 51 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: server-keypair
Standard ciphersuite chosen: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
%% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1492968872 bytes = { 67, 233, 215, 38, 120, 118, 20, 192, 136, 203, 117, 93, 119, 58, 154, 49, 182, 103, 0, 120, 195, 147, 38, 22, 174, 224, 117, 60 }
Session ID:  {89, 253, 230, 168, 47, 236, 148, 163, 4, 86, 231, 18, 116, 107, 249, 240, 36, 144, 228, 219, 71, 77, 15, 66, 190, 167, 13, 226, 95, 238, 183, 143}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=server, O=example.com
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 16395633118756910027307786059594003602424782222606565910337550060908536298801174254632657544879537262094461451346219502757033857307571844657739767071036889717826387604089928884679390329877033966916175374004613622786740797504438976382866577264443059096891472723014174538058226555331443341009455479083583931320725095623525897039749701781104729471039035076119274189413857721785010757543567230018443782297097827183111043265398765503566151229256856786723441081439208963102430925580594555422331624337325788268369166029643139661336445322824913420707315576933941674401285439027030973786186023857115674616086965563274612260461
  public exponent: 65537
  Validity: [From: Sat Nov 04 16:57:14 2017,
               To: Tue Nov 02 16:57:14 2027]
  Issuer: CN=server, O=example.com
  SerialNumber: [    40eb7950]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: localhost
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F7 3F E9 03 D7 A4 AA C7   65 E8 CD 6D AB 70 FF F0  .?......e..m.p..
0010: EA E6 2F F0                                        ../.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 34 BA 11 06 65 17 04 C2   5B 04 86 07 6C F1 92 F0  4...e...[...l...
0010: 4B F6 17 37 7E F8 47 1C   75 19 CF 75 22 10 82 4C  K..7..G.u..u"..L
0020: 83 35 A2 46 CC 1D 3A 92   98 27 8F 31 FC 85 F1 D2  .5.F..:..'.1....
0030: FC C2 20 27 C4 29 0F BE   2E 2F F1 0A 84 9F 9A 03  .. '.).../......
0040: 76 14 DD FB 6D E6 B6 AA   E4 1D 50 0E 18 A3 E7 19  v...m.....P.....
0050: 0F 10 1F 26 A7 92 FE 37   71 28 0C 4C 75 BC AF E0  ...&...7q(.Lu...
0060: F8 8A 42 87 EF 7E 01 25   F1 C7 40 8B AB F5 1C 4D  ..B....%..@....M
0070: AD AF 29 4C C4 71 8C 15   49 D6 E9 63 25 4D 92 49  ..)L.q..I..c%M.I
0080: 65 FC DD AA 41 1A F9 CB   01 DC D7 39 BD 67 5B CB  e...A......9.g[.
0090: BA FD 7E 3D 9D E2 DF 2D   C6 B8 C2 5A 3A 5C 06 ED  ...=...-...Z:\..
00A0: FC 86 1C 29 19 B8 2E A4   36 7C B0 09 67 A4 5E A2  ...)....6...g.^.
00B0: 31 7B C5 B7 E1 EC B3 4C   17 EE AE 0D B7 CF B0 67  1......L.......g
00C0: 3D C4 7F 1D D3 C1 C0 0C   42 8B 1A BC C6 71 5D A2  =.......B....q].
00D0: AF 12 54 F0 B2 23 E4 49   16 C3 1A 7A 62 C5 65 AE  ..T..#.I...zb.e.
00E0: B3 D3 D6 BF ED F1 D6 65   FA 70 96 BC 9A 1F 48 2B  .......e.p....H+
00F0: 71 49 6B 33 31 05 FF EF   38 26 4A BB C4 80 8F 58  qIk31...8&J....X

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 92416907423797917108651411220949227236045261472538924138175892631080121076586
  public y coord: 52570159133152996394643964235748475641135431426241901245432881975987053534228
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
https-jsse-nio-8443-exec-1, WRITE: TLSv1.2 Handshake, length = 1203
https-jsse-nio-8443-exec-2, READ: TLSv1.2 Alert, length = 2
https-jsse-nio-8443-exec-2, RECV TLSv1.2 ALERT:  fatal, certificate_unknown
https-jsse-nio-8443-exec-2, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
https-jsse-nio-8443-exec-2, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
https-jsse-nio-8443-exec-2, called closeOutbound()
https-jsse-nio-8443-exec-2, closeOutboundInternal()
https-jsse-nio-8443-exec-2, SEND TLSv1.2 ALERT:  warning, description = close_notify
https-jsse-nio-8443-exec-2, WRITE: TLSv1.2 Alert, length = 2

The source code and full logs are shown here

What could be the problem? Please advise how to solve it.
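Added example (not part of the original post or its project): a standalone Java check that runs the server certificate through the same X509TrustManager validation that fails in the client log, once against the JVM default trust store and once against client-truststore.jks. It assumes the files and passwords produced by the keytool commands above are in the working directory; the class name TrustCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class; file names and passwords are those used by
// the keytool commands in the question.
public class TrustCheck {

    // Returns the X509TrustManager JSSE builds for a trust store.
    // A null store selects the JVM default (javax.net.ssl.trustStore, else the JRE cacerts).
    static X509TrustManager trustManagerFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Runs the same server-certificate check the client performs during the handshake.
    static boolean isTrusted(X509TrustManager tm, X509Certificate cert) {
        try {
            // "ECDHE_RSA" is the key exchange of the suite negotiated in the log.
            tm.checkServerTrusted(new X509Certificate[] {cert}, "ECDHE_RSA");
            return true;
        } catch (CertificateException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate serverCert;
        try (InputStream in = new FileInputStream("server-public-key.cer")) {
            serverCert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore clientTrust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("client-truststore.jks")) {
            clientTrust.load(in, "client-truststore-pass".toCharArray());
        }

        System.out.println("Certificate under test: " + serverCert.getSubjectX500Principal());
        System.out.println("Aliases in client-truststore.jks: "
                + Collections.list(clientTrust.aliases()));
        System.out.println("Trusted by JVM default trust store: "
                + isTrusted(trustManagerFor(null), serverCert));
        System.out.println("Trusted by client-truststore.jks:   "
                + isTrusted(trustManagerFor(clientTrust), serverCert));
    }
}
```

The `server.ssl.*` properties configure the embedded Tomcat connector for inbound connections. The outbound call in the stack trace goes through `HttpsURLConnection`, which validates against the JVM default trust store unless the client is given its own `SSLContext` or the `javax.net.ssl.trustStore` system property is set.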

0 answers:

No answers