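I am trying to connect to a REST service from my application. My application is deployed to a WAS server.
I am using Spring RestTemplate to consume the other service, and everything works fine in my local WAS setup.
But when I deploy my code to the QA environment (a lower environment), I get the following error in my log file.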
[4/30/18 17:18:22:355 EDT] 00000207 SystemErr R org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://host:port/resourcename": com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=XXX Root CA, O="The XXX Services Group, Inc." is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error; nested exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=XXX Root CA, O="The XXX Services Group, Inc." is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[4/30/18 17:18:22:355 EDT] 00000207 SystemErr R at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607)
[4/30/18 17:18:22:356 EDT] 00000207 SystemErr R at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:557)
[4/30/18 17:18:22:357 EDT] 00000207 SystemErr R at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:357)
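I have imported the certificate for the host and port using the signer certificate option, but the problem is still not resolved (I also tried importing the root certificate). Can anyone let me know what the problem might be?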
Answer 0 (score: 0)
This looks like the JVM you are using does not trust one of the intermediate certificates, as the error indicates.
You need to retrieve the entire certificate chain, not just the root CA certificate and the server certificate. You can use a browser or […] to retrieve the certificate chain. Your client JVM must trust every certificate in the chain.
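To see which certificate in the chain the JVM rejects, the following diagnostic records the chain the server presents and compares each entry with the JVM's trust anchors. It is an added example, not code from the question or the answer; the class name `ChainCheck` is hypothetical, and it assumes the trust store under test is the JVM default or the one named by `-Djavax.net.ssl.trustStore`.

```java
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
// Added diagnostic (hypothetical class name). Usage: java ChainCheck <host> <port>
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        // Trust anchors this JVM uses by default: cacerts, or -Djavax.net.ssl.trustStore=...
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        final X509TrustManager jvmDefault = found;
        final List<X509Certificate> presented = new ArrayList<>();
        // Records the chain the server sends, then delegates: validation is not bypassed.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jvmDefault.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                presented.addAll(Arrays.asList(c));
                jvmDefault.checkServerTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake();
            System.out.println("Handshake OK: this JVM trusts the chain");
        } catch (SSLException e) {
            System.out.println("Handshake failed: " + e.getMessage());
        }
        Set<X500Principal> anchors = new HashSet<>();
        for (X509Certificate a : jvmDefault.getAcceptedIssuers()) anchors.add(a.getSubjectX500Principal());
        for (X509Certificate c : presented) {   // leaf first, then intermediates
            System.out.println("subject: " + c.getSubjectX500Principal());
            System.out.println("  issuer: " + c.getIssuerX500Principal());
            System.out.println("  subject is a trust anchor: " + anchors.contains(c.getSubjectX500Principal())
                    + ", issuer is a trust anchor: " + anchors.contains(c.getIssuerX500Principal()));
        }
    }
}
```

The comparison is by distinguished name only, so a match shows that a signer with that name is present, not that its key is the one that signed the certificate. A chain in which no entry has its subject or its issuer among the trust anchors is the case the log reports as "Certificate chaining error".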