无法安装SSL证书的Java应用程序

Question

我有点类似的情况解释在this的问题。我在特定的链接上也有一个WSDL。当我打开这个链接时，我会得到IE中的There is a problem with this website's security certificate...错误。当我单击“继续”时，它将打开WSDL文件。

现在，我正在用Java为这个Now服务编写一个客户机。它抛出以下异常：

Exception in thread "main" com.sun.xml.internal.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.

java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names matching IP address 172.17.245.196 found while opening stream from https://172.17.245.196/ews/Services.wsdl
java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names matching IP address 172.17.245.196 found while opening stream from https://172.17.245.196/ews/Services.wsdl?wsdl
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown Source)
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)    
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
    at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
    at javax.xml.ws.Service.<init>(Unknown Source)
    at com.microsoft.schemas.exchange.services._2006.messages.ExchangeWebService.<init>(ExchangeWebService.java:58)
    at com.xyz.cms.EWSJavaAPI.ExchangeAuthenticator.getExchangeServicePort(ExchangeAuthenticator.java:32)
    at com.xyz.cms.test.ExchangeDevelopmentTest.main(ExchangeDevelopmentTest.java:31)

因此，我想这与解析证书有关，而且由于上述线程上的人得到了类似的异常，我正在尝试那里建议的解决方案--使用keytool.exe下载证书并将证书添加到私有程序，尽管我真的认为我还没有完全理解证书内容和keytool。

所以我

• 通过在浏览器中访问链接下载证书，然后复制粘贴到eclipse中的app目录中。
• 同时，我将粘贴的$JAVA_HOME/lib/security/cacerts复制到我的应用程序目录中。因此，到目前为止，我的应用程序层次结构在eclipse中看起来是这样的：

​

• 然后打开命令提示符并导航到app目录。
• 最后执行命令(如该线程中所建议的)。它给了我以下输出。它给了我以下输出

​

然而，它给了我完全相同的例外。我该怎么办？

编辑

这是我为Exchange服务编写java客户端的工作。它们是ExchangeAuthenticator，用于管理对Exchange的web服务身份验证请求，以及包含测试上述类功能的主要方法的ExchangeDevelopmentTest。A这是代码：

ExchangeAuthenticator

public class ExchangeAuthenticator {    
/**
 * Obtains an authenticated ExchangeServicePortType with given credentials.
 *     
 */
    public ExchangeServicePortType getExchangeServicePort(String username, String password, String domain, URL wsdlURL) throws MalformedURLException {
        // Concatinate our domain and username for the UID needed in authentication.
        String uid = "domain" + "\\" + "uname";

        // Create an ExchangeWebService object that uses the supplied WSDL file, wsdlURL.
        ExchangeWebService exchangeWebService = new ExchangeWebService(wsdlURL, new QName("<a href=\"http://schemas.microsoft.com/exchange/services/2006/messages\">http://schemas.microsoft.com/exchange/services/2006/messages</a>", "ExchangeWebService"));
        ExchangeServicePortType port = exchangeWebService.getExchangeWebPort();
        // Supply your username and password when the ExchangeServicePortType is used for binding in the SOAP request.
        ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, uid);
        ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);

        return port;
    }
}

ExchangeDevelopmentTest

public class ExchangeDevelopmentTest {    
    public static void main (String[] args) {
        ExchangeAuthenticator exchangeAuthenticator = new ExchangeAuthenticator();

        // Print statement so we can easily see where our statements start in the Java console.
        System.out.println("Let's get started!");

        try {
            // Create a URL object which points at the .wsdl we deployed in the previous step.
            URL wsdlURL = new URL("https://172.17.245.196/ews/Services.wsdl");
            //URL wsdlURL = new URL("<a href=\"https://172.17.245.196/ews/Services.wsdl\">https://172.17.245.196/ews/Services.wsdl</a>");
            // Call to the class we just created to return an ExchangeServicePortType with authentication credentials.
            ExchangeServicePortType port = exchangeAuthenticator.getExchangeServicePort("uname", "password@123", "domain", wsdlURL);

            // Prints out the default toString() for the ExchangeServicePortType.
            System.out.println(port.toString());
        } catch (MalformedURLException ex) {
            // Catch any errors that may occur.
            Logger.getLogger(ExchangeDevelopmentTest.class.getName()).log(Level.SEVERE, null, ex);
            System.out.println(ex.getMessage()+"\n"+ex.getStackTrace());
        }
    }
}

Answer 1

问题是您的证书不是针对172.17.245.196 IP地址颁发的，因此用于解析WSDL的客户端不信任它。该IP地址应位于证书的主题字段中。

您的证书是否受官方证书颁发机构的信任，还是自签名？您可能需要Java来信任它。将其添加到keystore中，然后设置系统属性：

System.setProperty("javax.net.ssl.keyStore", "lfkeystore2");
System.setProperty("javax.net.ssl.keyStorePassword", "wshr.ut");