SSL握手失败-未找到合适的证书-未经客户端身份验证即可继续

Question

我们在WAS上部署了一个旧系统，我正尝试将其迁移到Openshift云。有一项服务可以在WAS上正常运行，但是在Openshift容器上部署时出现SSL握手失败。

我尝试了几次修复，现在可以完美地测试，但不能在PROD中使用。经过进一步分析，我发现仅当我从测试数据库切换到PROD DB时，才收到SSL握手错误（保持代码库和JKS相同）。我确实尝试了SSL调试，但发现连接到PROD DB时出现以下行，而连接到Test DB时却没有出现。

  

警告：找不到合适的证书-在没有客户的情况下继续   认证

我尝试使用-Djavax.net.ssl.trustStore和-Djavax.net.ssl.keyStore设置环境变量。我还交叉检查了两个数据库，以了解属性是否有差异，但找不到任何差异。

*** CertificateRequest

Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA

证书颁发机构：

<Empty>

update handshake state: unknown[13]

upcoming handshake states: server_hello_done[14]

upcoming handshake states: client certificate[11](optional)

upcoming handshake states: client_key_exchange[16]

upcoming handshake states: certificate_verify[15](optional)

upcoming handshake states: client change_cipher_spec[-1]

upcoming handshake states: client finished[20]

upcoming handshake states: server change_cipher_spec[-1]

upcoming handshake states: server finished[20]

pool-6-thread-1, READ: TLSv1.2 Handshake, length = 4

check handshake state: server_hello_done[14]

update handshake state: server_hello_done[14]

upcoming handshake states: client certificate[11](optional)

upcoming handshake states: client_key_exchange[16]

upcoming handshake states: certificate_verify[15](optional)

upcoming handshake states: client change_cipher_spec[-1]

upcoming handshake states: client finished[20]

upcoming handshake states: server change_cipher_spec[-1]

upcoming handshake states: server finished[20]

ServerHelloDone

  

警告：找不到合适的证书-在没有客户的情况下继续   认证

证书链

<Empty>

update handshake state: certificate[11]

upcoming handshake states: client_key_exchange[16]

upcoming handshake states: certificate_verify[15](optional)

upcoming handshake states: client change_cipher_spec[-1]

upcoming handshake states: client finished[20]

upcoming handshake states: server change_cipher_spec[-1]

upcoming handshake states: server finished[20]