进行https调用

时间:2018-01-04 17:37:46

标签: java ssl jboss jvm resttemplate

我有部署在测试环境中并在WildFly 8.2.1 Final上运行的Web服务。

该服务使用以下网址进行GET https呼叫:https://train.cashnet.com

问题:在成功调用上述端点数小时后,我开始获得javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

当我重新启动WildFly服务器时,问题就会消失,但几个小时后它就会再次出现。

我已检查https://train.cashnet.com

使用的证书

enter image description here

并验证它存在于服务器实例上的path-to-jre/lib/security/cacerts目录中,我可以从应用程序以编程方式获取它(我已经创建了返回可用证书列表的端点)。

UPDADE (提供有效证书):

  

" [\ n [\ n版本:V3 \ n主题:CN = GeoTrust SSL CA - G3,O = GeoTrust   Inc.,C = US \ n签名算法:SHA256withRSA,OID =   1.2.840.113549.1.1.11 \ n \ n密钥:Sun RSA公钥,2048位\ n模数:   287500305051656048908502708056213062570728043879374906158247705238203213625509377808500359946830545880555087486962051175066749858656536255434630629251062228577286177110644168118409965362442977735303947554030236929611859807044712​​96075689618905841805280863747434432441027316024968573511986381257910569786560233452976395052435967005000570194527947098842065537915042318598723531518795601302291733897107118135130366085680274591705427460152216995720185506015185633329842959670187299414247347586421938382568908384120224025448454551141331962396420208135784878289124860435208739614728353739364385405169171116352649372320734821 \ n   公共指数:65537 \ n有效期:[来自:美国东部时间05月16日16:36:50   2013年,\ n收件人:5月20日星期五17:36:50 EDT 2022] \ n发行人:   CN = GeoTrust Global CA,O = GeoTrust Inc.,C = US \ n SerialNumber:[
  023a6f] \ n \ n证书扩展名:8 \ n 1:ObjectId:1.3.6.1.5.5.7.1.1   Criticality = false \ nAuthorityInfoAccess [\ n [\ n} accessMethod:ocsp \ n   accessLocation:URIName:http://g2.symcb.com \ n] \ n] \ n \ n [2]:ObjectId:   2.5.29.35 Criticality = false \ nAuthorityKeyIdentifier [\ nKeyIdentifier [\ n0000:C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65   .z.h ..... d ..... e \ n0010:B8 CA CC 4E
  ... N \ n] \ n] \ n \ n [3]:ObjectId:2.5.29.19   Criticality = true \ nBasicConstraints:[\ n CA:true \ n   PathLen:0 \ n] \ n \ n [4]:ObjectId:2.5.29.31   Criticality = false \ nCRLDistributionPoints [\ n [DistributionPoint:\ n
  [URIName:http://g1.symcb.com/crls/gtglobal.crl] \ n]] \ n \ n [5]:ObjectId:   2.5.29.32 Criticality = false \ nCertificatePolicies [\ n [CertificatePolicyId:   [2.16.840.1.113733.1.7.54] \ n [PolicyQualifierInfo:[\ n qualifierID:   1.3.6.1.5.5.7.2.1 \ n限定符:0000:16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F。%http://www.geo \ n0010:74 72 75 73 74 2E 63 6F <登记/>   6D 2F 72 65 73 6F 75 72 trust.com/resour\n0020:63 65 73 2F 63 70 73   ces / cps \ n \ n]]] \ n] \ n \ n [6]:ObjectId:2.5.29.15   Criticality = true \ nKeyUsage [\ n Key_CertSign \ n Crl_Sign \ n] \ n \ n [7]:   ObjectId:2.5.29.17 Criticality = false \ nSubjectAlternativeName [\ n   CN = SymantecPKI-1-539 \ n] \ n \ n [8]:ObjectId:2.5.29.14   Criticality = false \ nSubjectKeyIdentifier [\ nKeyIdentifier [\ n0000:D2]   6F F7 96 F4 85 3F 72 3C 30 7D 23 DA 85 78 9B   .o ....?r&lt; 0。#.. x。\ n0010:A3 7C 5A 7C
  ..Z。\ n] \ n] \ n \ n] \ n算法:[SHA256withRSA] \ n签名:\ n0000:A0   D4 F7 2C FB 74 0B 7F 64 F1 CD 43 6A 9F 62 53   ...,。t..d..Cj.bS \ n0010:1C 02 7C 98 90 A2 EE 4F 68 D4 20 1A 73 12 3E   77 .......哦。 .s。&gt; w \ n0020:B3 50 EB 72 BC EE 88 BE 7F 17 EA 77 8F   83 61 95 .P.r ....... w..a。\ n0030:4F 84 A1 CB 32 4F 6C 21 BE D2 69   96 7D 63 BD DC O ... 2Ol!.. i..c .. \ n0040:2B A8 1F D0 13 84 70 FE F6   35 95 89 F9 A6 77 B0 + ..... p..5 .... w。\ n0050:46 C8 BB B7 13 F5 C9 60   69 D6 4C FE D2 8E EF D3 F ...... i.L.....\n0060: 60 C1 80 80 E1 E7 FB 8B 6F 21 79 4A E0 DC A9 1B ....... o!yJ .... \ n0070:C1 B7 FB C3 49   59 5C B5 77 07 44 D4 97 FC 49 00 .... IY \ .w.D ... I. \ n0080:89 6F 06   4E 01 70 19 AC 2F 11 C0 E2 E6 0F 2F 86 .o.N.p ../...../。\ n0090:4B   8D 7B C3 B9 A7 2E F4 F1 AC 16 3E 39 49 51 9E   K ..........&gt; 9IQ。\ n00A0:17 4B 4F 10 3A 5B A5 A8 92 6F FD FA D6 0B 03   4D .KO。:[... o ..... M \ n00B0:47 56 57 19 F3 CB 6B F5 F3 D6 CF B0 F5   F5 A3 11 GVW ... k .......... n00C0:D2 20 53 13 34 37 05 2C 43 5A 63   DF 8D 40 D6 85。 S.47。,CZc .. @ .. \ n00D0:1E 51 E9 51 17 1E 03 56 C9   F1 30 AD E7 9B 11 A2 .Q.Q ... V..0 ..... \ n00E0:B9 D0 31 81 9B 68 B1 D9   E8 F3 E6 94 7E C7 AE 13 ..1..h .......... \ n00F0:2F 87 ED D0 25 B0 68   F9 DE 08 5A F3 29 CC D4 92 /...%。h ... Z。)... \ n \ n]&#34;

所以,我很困惑,不明白它的根源是什么。例外情况告诉我们JVM无法找到可信证书,但它是如何发现的,因为应用程序可以在开始时执行成功的https调用。

有人能告诉我这个证书会发生什么,为什么JVM可以停止看到它?

0 个答案:

没有答案
相关问题
最新问题