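Client-server mutual authentication fails when the client's intermediate certificate is introduced

Time: 2019-10-24 09:04:55

Tags: ssl curl openssl jetty-9 mutual-authentication

I have a client whose intermediate certificate is located in the client certificate itself. This intermediate certificate is signed by the root CA stored in the server's truststore.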

Now I am running the curl command: curl -v -X GET -H "Accept: application/json" -H "Accept-Challenge: SW" --cert /opt/store/certificate.pem --key /opt/store/certificate_key.pem --cacert /opt/store/cms-ca.cert -w "%{http_code}" https://127.0.0.1:2443/v1/keys/1234/transfer

Please note: certificate.pem: contains the client's certificate + the intermediate certificate.

cms-ca-cert: contains the root CA that is in the server's truststore.

certficate_key.pem: the client's private key.

Output:

* Connected to 127.0.0.1 (127.0.0.1) port 2443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /opt/skc/store/cms-ca.cert
  CApath: none
* NSS: client certificate from file
*       subject: CN=skcUser@ngnix
*       start date: Oct 24 05:23:17 2019 GMT
*       expire date: Oct 24 05:23:17 2020 GMT
*       common name: skcUser@ngnix
*       issuer: CN=CMS TLS Client CA,O=INTEL,L=SC,ST=SF,C=US
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 0
curl: (35) Encountered end of file

I get the following error from the server logs:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_191]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_191]
        at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_191]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_191]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:279) ~[na:1.8.0_191]
        at sun.security.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:130) ~[na:1.8.0_191]
        at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1970) ~[na:1.8.0_191]
        ... 12 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_191]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_191]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_191]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[na:1.8.0_191]
        ... 18 common frames omitted

I have no way to resolve this issue.

0 answers:

No answers
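Added example, not part of the original question: an offline OpenSSL check of the setup the question describes, namely whether a client PEM bundle (leaf first, then the intermediate) builds a path to the root in a CA file. The function names, the config file `x.cnf` and the constructed three-level PKI are assumptions made for illustration; only `chain_ok` is needed against real files.

```shell
# chain_ok BUNDLE CAFILE: succeed if the first cert in BUNDLE (the leaf) verifies
# against CAFILE, with the rest of BUNDLE offered only as untrusted intermediates.
# Usage: chain_ok /opt/store/certificate.pem /opt/store/cms-ca.cert && echo "path builds"
chain_ok() {
    leaf=$(mktemp) || return 2
    # openssl x509 reads only the first certificate in the file
    if openssl x509 -in "$1" -out "$leaf" 2>/dev/null &&
       openssl verify -CAfile "$2" -untrusted "$1" "$leaf" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$leaf"
    return "$rc"
}

# count_certs FILE: number of PEM certificates in FILE
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# make_pki DIR: constructed root -> intermediate -> client leaf (hypothetical names)
make_pki() {
    d=$1
    cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
    for n in root int leaf; do
        openssl req -config "$d/x.cnf" -new -newkey rsa:2048 -nodes \
            -keyout "$d/$n.key" -out "$d/$n.csr" -subj "/CN=Constructed $n" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/x.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -days 2 -extfile "$d/x.cnf" -extensions ca -out "$d/int.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -days 2 -extfile "$d/x.cnf" -extensions leaf -out "$d/leaf.pem" 2>/dev/null || return 1
    cat "$d/leaf.pem" "$d/int.pem" > "$d/bundle.pem"   # leaf first, then intermediate
}
```

This validates the files with OpenSSL only; it does not show which certificates an NSS-based curl actually sends in the handshake, nor what the Java truststore on the server contains.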