ssl handshake_failure客户端证书未发送

时间:2018-11-21 20:40:33

标签: sslhandshakeexception

我遇到ssl handshake_failure问题。 与外部Web服务的新集成要求通过Https进行通信,它们为我提供了三个证书(根+共享+客户端),因此 我已经在JDK中安装了所有三个证书,当我尝试调用此Web服务时,总是出现异常:

exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

所以我通过将此属性 -Djavax.net.debug = all 添加到我的应用程序中来跟踪我与服务器之间的握手通信

我发现,一旦启动,所有三个证书都将上传到应用程序

adding as trusted cert:
  Subject: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
  Issuer:  CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
  Algorithm: RSA; Serial number: -----
  Valid from Wed Oct 15 12:41:37 AST 2014 until Sat Oct 15 13:11:37 AST 2039

adding as trusted cert:
  Subject: CN=10.10.10.10, OU=EXA eTrust Center, O=EXA, C=SA
  Issuer:  CN=EXA Shared CA, OU=EXA eTrust Center, O=EXA, C=SA
  Algorithm: RSA; Serial number: -----
  Valid from Thu Nov 11 12:33:30 AST 2015 until Mon Nov 26 13:03:30 AST 2018

adding as trusted cert:
  Subject: CN=EXA Shared CA, OU=EXA eTrust Center, O=EXA, C=SA
  Issuer:  CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
  Algorithm: RSA; Serial number: ------
  Valid from Thu Oct 25 07:56:05 AST 2014 until Wed Oct 16 08:26:05 AST 2024

然后我发现系统没有发送客户端证书,我也不知道为什么?

*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<Empty>
[read] MD5 and SHA1 hashes:  len = 36

Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange

我的问题是:

  • 您认为问题是什么?
  • 为什么jdk找不到合适的证书并将其加载到受信任的证书中?
  • JDK将基于什么寻找合适的客户端证书?所以我可以确定为什么JDK找不到它

@@ update

  • 您是否认为自另一个IP的证书CN以来我的设备(IP)出现问题?

0 个答案:

没有答案