Springboot相互SSL认证的CertificateException

时间:2018-06-08 10:14:03

标签: java spring-boot authentication ssl

我开发了一个简单的SpringBoot应用程序,它是一个具有SSL相互身份验证的服务器。

在客户端,我使用的证书产生以下问题:

https-jsse-nio-38025-exec-9, fatal error: 46: General SSLEngine problem
java.security.cert.CertificateException: Certificate contains unsupported 
critical extensions: [2.5.29.32]
%% Invalidated:  [Session-14, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
https-jsse-nio-38025-exec-9, SEND TLSv1.2 ALERT:  fatal, description = 
certificate_unknown
https-jsse-nio-38025-exec-9, WRITE: TLSv1.2 Alert, length = 2
https-jsse-nio-38025-exec-9, fatal: engine already closed.  Rethrowing 
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
https-jsse-nio-38025-exec-9, called closeOutbound()
https-jsse-nio-38025-exec-9, closeOutboundInternal()

我知道此错误的原因,我的证书包含不受支持的关键扩展程序。 现在,假设更改证书不是解决方案,我如何管理此问题以绕过此检查,或允许我的关键扩展?

也接受了肮脏的解决方法。

在我的application.properties的摘录下面,如果可以帮助

server.ssl.key-store=*****
server.ssl.key-store-password=*****
server.ssl.key-alias=*****
server.ssl.key-password=*****
server.ssl.enabled=true
server.port=*****
security.user.name=*****
security.user.password=*****
#
server.ssl.trust-store=*****
server.ssl.trust-store-password=*****
server.ssl.client-auth=need

0 个答案:

没有答案