收到致命警报:certificate_unknown

时间:2019-05-17 09:12:41

标签: wso2 wso2-am

我尝试通过API Manager在HTTPS上添加(并使用)REST api。

因此,使用一些模式:

客户端(SoapUi)--HTTPS-> APIM --HTTPS-> REST API
结果:失败

客户端(SoapUi)--HTTP-> APIM --HTTPS-> REST API
结果:失败

在这里堆栈:

2019-05-17 10:31:02,090 [-] [HTTPS-Listener I/O dispatcher-1] ERROR SourceHandler I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
    at java.lang.Thread.run(Thread.java:745)

我认为问题出在 API Manager REST API

REST API证书的组成如下:

CA Root Sectigo  
    |  
    --> Gandi
         |
          --> wildcard's Company

我尝试添加(通过发布者的网站)通配符的公司=> 没有变化
我尝试将CA根目录添加到jvm keystore => 不变

实际上,API Manager具有默认的自签名证书。 也许这是问题的一部分。

有什么想法吗? 问候, 迈克

1 个答案:

答案 0 :(得分:0)

您需要将REST API的证书安装到API Manager中的repository/resources/security/client-truststore.jks

相关问题
最新问题