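I have a REST API and I am trying to secure it using 2-way SSL. I placed server.jks at a location on the server where the application is deployed. Now I have another Java application that acts as the client. I have an identity.jks and a trust.jks, as shown below: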
{
client.ssl.key-store=/cucumber/dev/identity.jks
client.ssl.key-store-password=changeme
client.ssl.trust-store=/cucumber/dev/trust.jks
client.ssl.trust-store-password=changeme
}
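However, when my client makes an HTTP POST request to the API, I get a bad certificate error, and the following log is generated on the client side. I don't understand what is missing here.
SSL log: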
{
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
ssl: Ignoring alias server: issuers do not match
ssl: KeyMgr: no matching key found
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
ECDH Public value: { 4, 157, 56, 226, 111, 107, 118, 232, 80, 45, 243, 230, 40, 102, 248, 0, 45, 8, 136, 14, 177, 18, 135, 204, 179, 35, 160, 73, 134, 194, 251, 79, 36, 227, 96, 119, 125, 116, 170, 222, 179, 162, 179, 2, 227, 10, 51, 198, 142, 183, 70, 247, 39, 191, 105, 2, 173, 245, 11, 104, 11, 85, 19, 206, 95 }
finagle/netty4-1, WRITE: TLSv1.2 Handshake, length = 77
finagle/netty4-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 74, 37, 55, 128, 217, 164, 34, 181, 144, 55, 30, 12 }
***
finagle/netty4-1, WRITE: TLSv1.2 Handshake, length = 96
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 2A .*
finagle/netty4-1, READ: TLSv1.2 Alert, length = 2
finagle/netty4-1, RECV TLSv1.2 ALERT: fatal, bad_certificate
finagle/netty4-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
finagle/netty4-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
finagle/netty4-1, called closeOutbound()
finagle/netty4-1, closeOutboundInternal()
finagle/netty4-1, SEND TLSv1.2 ALERT: warning, description = close_notify
finagle/netty4-1, WRITE: TLSv1.2 Alert, length = 80
finagle/netty4-1, called closeInbound()
finagle/netty4-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
finagle/netty4-1, called closeOutbound()
finagle/netty4-1, closeOutboundInternal()
Aug 10, 2018 3:59:03 PM com.twitter.finagle.netty4.channel.ChannelExceptionHandler exceptionCaught
WARNING: Unhandled exception in connection with clrv0000082211.ic.ing.net/10.44.39.4:8086, shutting down connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
}
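
An added example, not part of the original post: a Python triage of the client-authentication lines in a JSSE debug log like the one above. It reports which key-store aliases the key manager skipped because their issuer is not among the CAs the server asked for, whether the client then sent an empty certificate chain, and what the alert bytes decode to. The function names are hypothetical and the sample is an excerpt of the log above.

```python
import re

# Excerpt of the JSSE debug lines from the log above, embedded so this runs offline.
SAMPLE_LOG = """\
*** ServerHelloDone
ssl: Ignoring alias server: issuers do not match
ssl: KeyMgr: no matching key found
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
[Raw read]: length = 2
0000: 02 2A .*
finagle/netty4-1, RECV TLSv1.2 ALERT: fatal, bad_certificate
"""

# TLS alert codes from RFC 5246 section 7.2 (subset relevant to certificate failures).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                      43: "unsupported_certificate", 44: "certificate_revoked",
                      45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

def decode_alert(hex_bytes):
    """Decode a 2-byte TLS alert body, e.g. '02 2A' -> ('fatal', 'bad_certificate')."""
    level, desc = (int(b, 16) for b in hex_bytes.split()[:2])
    return ALERT_LEVELS.get(level, "unknown"), ALERT_DESCRIPTIONS.get(desc, f"alert_{desc}")

def triage(log_text):
    """Collect the client-auth findings a reviewer looks for in the debug output."""
    lines = log_text.splitlines()
    findings = {"skipped_aliases": [], "empty_client_chain": False, "alert": None}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = re.match(r"ssl: Ignoring alias (\S+): issuers do not match", line)
        if m:  # key entry rejected: its issuer is not in the server's accepted CA list
            findings["skipped_aliases"].append(m.group(1))
        if line.startswith("*** Certificate chain") and nxt.strip() == "<Empty>":
            findings["empty_client_chain"] = True  # client sent no certificate
        # Heuristic (assumption): a 2-byte raw read is an unencrypted alert body.
        if re.match(r"\[Raw read\]: length = 2$", line):
            dump = re.match(r"0000: ((?:[0-9A-F]{2} ?)+)", nxt)
            if dump:
                findings["alert"] = decode_alert(dump.group(1))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```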