无法在Qpid配置中加载KeyStore文件
无法在Qpid配置中加载KeyStore文件
提问于 2017-05-10 18:17:48
我有一个好用的密钥存储文件。我使用以下命令对其进行了测试:
root@server # java -Djavax.net.ssl.trustStore=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks SSLPoke esesslx0ghk.se 9443
Successfully connected现在,我使用ServiceMix来部署qpid应用程序来路由队列。
我的配置如下:
<bean id="amqp" class="org.apache.camel.component.amqp.AMQPComponent">
<property name="connectionFactory">
<bean class="org.apache.qpid.jms.JmsConnectionFactory">
<property name="remoteURI" value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks&transport.keyStorePassword=test123" />
</bean>
</property>
</bean>但是,当我运行我的应用程序时,我会得到错误::
2017-05-10 17:30:02,591 | ERROR | mer[CSDP_output] | JmsConnectionFactory | 226 - qpid-jms-client.jar - 0.0.0 | Failed to create JMS Provider instance for: amqps
2017-05-10 17:30:02,619 | ERROR | mer[CSDP_output] | faultJmsMessageListenerContainer | 155 - org.apache.servicemix.bundles.spring-jms - 3.2.17.RELEASE_1 | Could not refresh JMS Connection for destination 'CSDP_output' - retrying in 5000 ms. Cause: Failed to create connection to: amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=%252Ftmp%252Fapache-servicemix-7.0.0%252Fdeploy%252Fqpidd.jks&transport.keyStorePassword=test123; nested exception is javax.net.ssl.SSLHandshakeException: General SSLEngine problem
javax.jms.JMSException: Failed to create connection to: amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=%252Ftmp%252Fapache-servicemix-7.0.0%252Fdeploy%252Fqpidd.jks&transport.keyStorePassword=test123
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)[:1.8.0_121]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)[:1.8.0_121]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)[:1.8.0_121]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)[:1.8.0_121]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)[:1.8.0_121]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)[:1.8.0_121]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.8.0_121]
at sun.security.validator.Validator.validate(Validator.java:260)[:1.8.0_121]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)[:1.8.0_121]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)[:1.8.0_121]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)[:1.8.0_121]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501)[:1.8.0_121]
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)[:1.8.0_121]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)[:1.8.0_121] 现在,一方面,我100%确信我拥有的keystore文件是正确的,并且它的路径是正确配置的。但是应用程序无法获取它。这条线有什么问题吗?
<property name="remoteURI" value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpidd.jks&transport.keyStorePassword=test123" />回答 1
Stack Overflow用户
回答已采纳
发布于 2017-05-10 21:55:47
您正在向客户端提供一个密钥存储,但通常您应该向它传递一个信任存储,因为这就是告诉客户端它信任哪个服务器证书的内容。您只在进行相互身份验证时提供密钥存储,并且客户端需要向远程提供证书。
我的第一个建议是将transport.trustStoreLocation设置为在客户机文档中定义的。
如果这样做不起作用,那么是时候对SSL握手进行一些调试了。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/43899955
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号