我开发了一个简单的SpringBoot应用程序,它是一个具有SSL相互身份验证的服务器。
在客户端,我使用的证书产生以下问题:
https-jsse-nio-38025-exec-9, fatal error: 46: General SSLEngine problem
java.security.cert.CertificateException: Certificate contains unsupported
critical extensions: [2.5.29.32]
%% Invalidated: [Session-14, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
https-jsse-nio-38025-exec-9, SEND TLSv1.2 ALERT: fatal, description =
certificate_unknown
https-jsse-nio-38025-exec-9, WRITE: TLSv1.2 Alert, length = 2
https-jsse-nio-38025-exec-9, fatal: engine already closed. Rethrowing
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
https-jsse-nio-38025-exec-9, called closeOutbound()
https-jsse-nio-38025-exec-9, closeOutboundInternal()
我知道此错误的原因,我的证书包含不受支持的关键扩展程序。 现在,假设更改证书不是解决方案,我如何管理此问题以绕过此检查,或允许我的关键扩展?
也接受了肮脏的解决方法。
在我的application.properties的摘录下面,如果可以帮助
server.ssl.key-store=*****
server.ssl.key-store-password=*****
server.ssl.key-alias=*****
server.ssl.key-password=*****
server.ssl.enabled=true
server.port=*****
security.user.name=*****
security.user.password=*****
#
server.ssl.trust-store=*****
server.ssl.trust-store-password=*****
server.ssl.client-auth=need