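I'm running into an SSL handshake_failure problem. A new integration with an external web service requires communication over HTTPS, and they provided me with three certificates (root + shared + client), so I installed all three certificates in the JDK. When I try to call this web service, I always get this exception: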
exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
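So I traced the handshake between my application and the server by adding the property -Djavax.net.debug=all to my application.
I found that, once it starts, all three certificates are loaded into the application: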
adding as trusted cert:
Subject: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
Issuer: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
Algorithm: RSA; Serial number: -----
Valid from Wed Oct 15 12:41:37 AST 2014 until Sat Oct 15 13:11:37 AST 2039
adding as trusted cert:
Subject: CN=10.10.10.10, OU=EXA eTrust Center, O=EXA, C=SA
Issuer: CN=EXA Shared CA, OU=EXA eTrust Center, O=EXA, C=SA
Algorithm: RSA; Serial number: -----
Valid from Thu Nov 11 12:33:30 AST 2015 until Mon Nov 26 13:03:30 AST 2018
adding as trusted cert:
Subject: CN=EXA Shared CA, OU=EXA eTrust Center, O=EXA, C=SA
Issuer: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
Algorithm: RSA; Serial number: ------
Valid from Thu Oct 25 07:56:05 AST 2014 until Wed Oct 16 08:26:05 AST 2024
Then I found that the system is not sending the client certificate, and I don't know why.
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<Empty>
[read] MD5 and SHA1 hashes: len = 36
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
My question is:
@@ update
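An added example, not part of the original post: a small analyzer for `javax.net.debug` output that flags the pattern visible in the trace above, where the server sends a CertificateRequest, the client answers with an empty chain, and an end-entity certificate appears only under "adding as trusted cert". JSSE answers a CertificateRequest from a key entry (certificate plus private key) supplied by the KeyManager's keystore, and a trust-only entry cannot serve that purpose; the function names and the shortened sample are constructed for this example.

```python
import re

# Constructed sample: the trace from the post, shortened to the relevant lines.
SAMPLE = """\
adding as trusted cert:
Subject: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
Issuer: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
adding as trusted cert:
Subject: CN=10.10.10.10, OU=EXA eTrust Center, O=EXA, C=SA
Issuer: CN=EXA Shared CA, OU=EXA eTrust Center, O=EXA, C=SA
adding as trusted cert:
Subject: CN=EXA Shared CA, OU=EXA eTrust Center, O=EXA, C=SA
Issuer: CN=EXA Root CA, OU=EXA eTrust Center, O=EXA, C=SA
*** CertificateRequest
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
"""

ENTRY = re.compile(r"adding as trusted cert:\s*\n\s*Subject:\s*(.+)\n\s*Issuer:\s*(.+)")

def trusted_certs(log):
    """Return (subject, issuer) for every truststore entry the trace reports."""
    return [(s.strip(), i.strip()) for s, i in ENTRY.findall(log)]

def end_entity_trust_entries(log):
    """Trusted entries that are not self-signed and issue no other entry."""
    certs = trusted_certs(log)
    issuers = {issuer for _, issuer in certs}
    return [s for s, i in certs if s != i and s not in issuers]

def client_auth_skipped(log):
    """True if a CertificateRequest was followed by an empty client chain."""
    start = log.find("*** CertificateRequest")
    if start < 0:
        return False
    tail = log[start:]
    return ("no suitable certificate found" in tail
            or re.search(r"\*\*\* Certificate chain\s*\n\s*<Empty>", tail) is not None)

def diagnose(log):
    """List findings; empty when client authentication was not skipped."""
    if not client_auth_skipped(log):
        return []
    findings = ["server requested a client certificate; none was sent"]
    findings += [f"end-entity cert present only as trusted entry: {s}"
                 for s in end_entity_trust_entries(log)]
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```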