文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >JavaMail (TLS):验证验证路径的异常失败

JavaMail (TLS):验证验证路径的异常失败
EN

Stack Overflow用户
提问于 2016-02-29 16:56:58
回答 1查看 905关注 0票数 1

当试图使用JavaMail库验证TLS连接时,我随机地得到以下验证错误:

代码语言:javascript
复制
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
   javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我正在一台Linux机器上运行,使用jdk1.7.0并使用最新的jdk的仙人掌文件(本文编写时为1.8.0_73),我已将smtp服务器证书导入到该文件。

smtp服务器是一个交换服务器,具有纯文本TLS验证。

我随机地说,因为有时连接成功,而在另一些时候,它抱怨无法识别证书验证路径,并且失败,似乎没有给定的模式。

通常重试连接是有效的,尽管重试的次数不一致,有时不需要,有时需要2或3,有时超过20。

为了消除任何外部影响,我编写了一个简单的邮件发送应用程序,用于调查这个问题(我们的应用程序运行在Tomcat部署上),因此我可以确定问题在于以下其中之一:

  • JDK
  • JavaMail库
  • 网络连通性

我的问题是,是否有人意识到这种行为背后的任何限制/错误/问题?

现在,重新尝试连接就够了,但是我们的项目需要让它成为永久的解决方案,因为许多消息是异步发送的,如果连接失败,用户将得不到失败的反馈。

编辑:更多信息

服务器证书是通过openssl检索的,即以下命令:

代码语言:javascript
复制
openssl s_client -connect exchange.***.com:25 -starttls smtp 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem

注意,如果没有starttls参数,该命令将无法工作(需要一段时间才能弄清楚,因为大多数在线资源(包括此处所述的)都不包括该步骤)。原始openssl命令的(清理)输出如下:

代码语言:javascript
复制
depth=0 CN = smtpserver-ch-01
verify error:num=20:unable to get local issuer certificate

verify return:1
depth=0 CN = smtpserver-ch-01
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=smtpserver-ch-01
   i:/CN=smtpserver-ch-01
---
Server certificate
-----BEGIN CERTIFICATE-----
  *** CERTIFICATE DATA
-----END CERTIFICATE-----
subject=/CN=smtpserver-ch-01
issuer=/CN=smtpserver-ch-01
---
No client certificate CA names sent
---
SSL handshake has read *** bytes and written *** bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: ***
    Session-ID-ctx: 
    Master-Key: ***
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: ***
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 XSHADOW

下面是javax.net.debug=ssl输出的大规模打印:(希望这是发布这些大量文本转储的好形式)

代码语言:javascript
复制
Sending message to test@server.com; Attempt attempt 0 of 20...
keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: certs/cacerts_1.8.0_73
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:

   ** Standard certificates **

adding as trusted cert:
  Subject: CN=smtpserver-ch-01
  Issuer:  CN=smtpserver-ch-01
  Algorithm: RSA; Serial number: **********************************
  Valid from ddd MMM DD 00:00:00 CEST 2013 until ddd MMM DD 00:00:00 CEST 2018

adding as trusted cert:

   ** The rest of the standard certificates **

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: XXX bytes = { XXX, ··· XXX }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: exchange.***.com]
***
main, WRITE: TLSv1 Handshake, length = **
main, READ: TLSv1 Handshake, length = ***
*** ServerHello, TLSv1
RandomCookie:  GMT: XXX bytes = { XXX, ··· XXX }
Session ID:  {XX, ··· XXX}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smtpserver-ch-02
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, xxx bits
  modulus: ***
  public exponent: ***
  Validity: [From: ddd MMM DD 00:00:00 CEST 2013,
               To: ddd MMM DD 00:00:00 CEST 2018]
  Issuer: CN=smtpserver-ch-02
  SerialNumber: [    xxx ]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: smtpserver-ch-02
  DNSName: smtpserver-ch-02.domain.com
]

]
  Algorithm: [SHA1withRSA]
  Signature:

  *** SIGNATURE HEX DUMP ***

]
***
%% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Failed attempt: javax.mail.MessagingException: Can't send command to SMTP host


Sending message to test@server.com; Attempt attempt 1 of 20...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: XXX bytes = { XXX, ··· XXX }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: exchange.***.com]
***
main, WRITE: TLSv1 Handshake, length = **
main, READ: TLSv1 Handshake, length = **
*** ServerHello, TLSv1
RandomCookie:  GMT: XXX bytes = { XXX, ··· XXX }
Session ID:  {XXX, ··· XXX}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smtpserver-ch-02
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: ***
  public exponent: ***
  Validity: [From: ddd MMM DD 00:00:00 CEST 2013,
               To: ddd MMM DD 00:00:00 CEST 2018]
  Issuer: CN=smtpserver-ch-02
  SerialNumber: [    xxx]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: smtpserver-ch-02
  DNSName: smtpserver-ch-02.domain.com
]

]
  Algorithm: [SHA1withRSA]
  Signature:

  *** SIGNATURE HEX DUMP ***
]
***
%% Invalidated:  [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Failed attempt: javax.mail.MessagingException: Can't send command to SMTP host


Sending message to test@server.com; Attempt attempt 2 of 20...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: XXX bytes = { XXX, ··· XXX }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension server_name, server_name: [host_name: exchange.***.com]
***
main, WRITE: TLSv1 Handshake, length = **
main, READ: TLSv1 Handshake, length = **
*** ServerHello, TLSv1
RandomCookie:  GMT: *** bytes = { XXX, ··· XXX }
Session ID:  {XXX, ··· XXX}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-3, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=smtpserver-ch-01
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: ***
  public exponent: ***
  Validity: [From: ddd MMM DD 00:00:00 CEST 2013,
               To: ddd MMM DD 00:00:00 CEST 2018]
  Issuer: CN=smtpserver-ch-01
  SerialNumber: [    XXX]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: smtpserver-ch-01
  DNSName: smtpserver-ch-01.domain.com
]

]
  Algorithm: [SHA1withRSA]
  Signature:

  *** SIGNATURE HEX DUMP ***

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=smtpserver-ch-01
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: ***
  public exponent: ***
  Validity: [From: ddd MMM DD 00:00:00 CEST 2013,
               To: ddd MMM DD 00:00:00 CEST 2018]
  Issuer: CN=smtpserver-ch-01
  SerialNumber: [    XXX]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: smtpserver-ch-01
  DNSName: smtpserver-ch-01.domain.com
]

]
  Algorithm: [SHA1withRSA]
  Signature:

    *** SIGNATURE HEX DUMP ***

]
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = ***
SESSION KEYGEN:
PreMaster Secret:
  *** HEX DUMP
CONNECTION KEYGEN:
Client Nonce:
  *** HEX DUMP
Server Nonce:
  *** HEX DUMP
Master Secret:
  *** HEX DUMP
Client MAC write Secret:
  *** HEX DUMP
Server MAC write Secret:
  *** HEX DUMP
Client write key:
  *** HEX DUMP
Server write key:
  *** HEX DUMP
Client write IV:
  *** HEX DUMP
Server write IV:
  *** HEX DUMP
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { XXX, ··· XXX }
***
main, WRITE: TLSv1 Handshake, length = **
main, READ: TLSv1 Change Cipher Spec, length = **
main, READ: TLSv1 Handshake, length = **
*** Finished
verify_data:  { XXX, ··· XXX }
***
%% Cached client session: [Session-3, TLS_RSA_WITH_AES_128_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = ****
main, READ: TLSv1 Application Data, length = ***
main, WRITE: TLSv1 Application Data, length = **
main, WRITE: TLSv1 Application Data, length = **
main, READ: TLSv1 Application Data, length = **
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = **
main, called closeSocket(selfInitiated)
Message sent!

前面的日志显示了两次连接尝试失败,第三次尝试成功。

如下面的评论所提到的,exchange.*.com主机似乎是在重定向到不同的主机,每个主机都有自己的证书,因为当向CN=smtpserver-ch-02,提供证书时,连接失败,而当有CN=smtpserver-ch-01.证书时,连接就会成功。

如果是这样的话,那么解决方案可能是执行几次openssl命令,以便检索这两个证书并将它们添加到信任库中。

编辑(解决了):上述解决方案起作用了,我多次启动了openssl命令,并比较了结果数据,直到分离出我需要的两个唯一证书。

将它们导入信任库后,一切都正常工作。

java
email
ssl
smtp
jakarta-mail
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2016-03-02 22:44:50

看起来,您从两个不同的服务器获得了两个不同的证书,因此必须将它们添加到信任存储中。或者你可以设置mail.smtp.ssl.trust性质

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/35705129

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档