SSLException错误证书
我有一个简短的任务,就是扩展一个简单的Java服务器,让它在Ubuntu上支持SSL。
好的,首先,我这样做:
私有静态SSLServerSocketFactory工厂;
private static SSLServerSocket serverSocket;
public SimpleWebServer () throws Exception {
//dServerSocket = new ServerSocket (PORT);
factory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket)factory.createServerSocket(8081);
}
public void run() throws Exception {
while (true) {
/* wait for a connection from a client */
//Socket s = dServerSocket.accept();
SSLSocket s = (SSLSocket)serverSocket.accept();
/* then process the client's request */
processRequest(s);
}
} 看起来很好,我按如下方式运行服务器:
java -Djavax.net.ssl.keyStore=com/learnsecurity/keystore.jks -Djavax.net.ssl.keyStorePassword=123456 com/learnsecurity/SimpleWebServer 然而,当我从火狐向https://localhost:8081发送一个请求时,服务器向我抛出了这个垃圾:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1796)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1039)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1574)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:705)
at sun.security.ssl.ServerHandshaker.sendChangeCipherAndFinish(ServerHandshaker.java:1297)
at sun.security.ssl.ServerHandshaker.clientFinished(ServerHandshaker.java:1257)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:244)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:978)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1223)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:838)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:94)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:282)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:324)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:176)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:153)
at java.io.BufferedReader.readLine(BufferedReader.java:316)
at java.io.BufferedReader.readLine(BufferedReader.java:379)
at com.learnsecurity.SimpleWebServer.processRequest(SimpleWebServer.java:62)
at com.learnsecurity.SimpleWebServer.run(SimpleWebServer.java:45)
at com.learnsecurity.SimpleWebServer.main(SimpleWebServer.java:178) 我按照本教程生成了证书:http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html
我一直在四处寻找,试图找到一个解决方案,但我一直没有运气。我在想,既然服务器正在运行,那一定是与证书有关。有人能给我指个方向吗?
回答 2
Stack Overflow用户
发布于 2013-07-17 01:54:06
好吧,我不知道这里到底发生了什么,但我用某种魔法修复了它。
我想看看是什么导致了这个异常,所以我用一个SSLHandshakeException的try catch包装了processRequest()。突然,Firefox对我大喊大叫,说证书是不可信的(好兆头)。因此,我添加了来自服务器的证书,突然之间连接就可以工作了。我关闭了火狐,然后再试一次,现在它又因为一个NullPointerException而坏了。好了,我用一个NullPointerException try catch..now包装了我的请求解析器,它工作起来没有任何问题。我甚至不知道--有人能解释一下这种疯狂吗?
Stack Overflow用户
发布于 2013-07-16 06:35:59
您的服务器很好,并且它已经准备好接受来自它“信任”的客户端的SSL连接,这意味着其证书在您服务器的密钥库中可用。在上面的例子中,这是不正确的,因为FireFox中的证书不会在服务器的密钥库中作为受信任的证书列出。因此,导出Firefox证书并将其作为受信任证书导入服务器的密钥库中。
How to export certificates from FireFox
How to export certificates from Firefox 2
https://stackoverflow.com/questions/17663976
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号