首页

收到致命警报:bad_certificate

sockets ssl java truststore x509certificate
2022-09-02 01:50:40

我正在尝试设置 SSL 套接字连接(并在客户端上执行以下操作)

  1. 我生成证书签名请求以获取已签名的客户端证书

  2. 现在我有一个私钥(在 CSR 期间使用)、一个签名的客户端证书和根证书(带外获取)。

  3. 我将私钥和签名的客户端证书添加到证书链,并将其添加到密钥管理器。和信任管理器的根证书。但是我收到一个错误的证书错误。

我很确定我使用的是正确的证书。我是否也应该将已签名的客户端证书添加到信任管理器?试过了,仍然没有运气。

//I add the private key and the client cert to KeyStore ks
FileInputStream certificateStream = new FileInputStream(clientCertFile);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate[] chain = {};
chain = certificateFactory.generateCertificates(certificateStream).toArray(chain);
certificateStream.close();
String privateKeyEntryPassword = "123";
ks.setEntry("abc", new KeyStore.PrivateKeyEntry(privateKey, chain),
        new KeyStore.PasswordProtection(privateKeyEntryPassword.toCharArray()));

//Add the root certificate to keystore jks
FileInputStream is = new FileInputStream(new File(filename));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
System.out.println("Certificate Information: ");
System.out.println(cert.getSubjectDN().toString());
jks.setCertificateEntry(cert.getSubjectDN().toString(), cert);

//Initialize the keymanager and trustmanager and add them to the SSL context
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "123".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(jks);

我需要在此处创建某种证书链吗?
我也有一个带有这些组件的p12,并且在使用非常相似的代码,将私钥添加到密钥管理器中,并将根证书从p12添加到信任管理器中,我可以使其工作。但现在我需要让它在没有p12的情况下工作。

编辑:请求堆栈跟踪。希望这应该足够了。(注意:我屏蔽了文件名)

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
at client.abc2.openSocketConnection(abc2.java:33)
at client.abc1.runClient(abc1.java:63)
at screens.app.abc.validateLogin(abc.java:197)
... 32 more

答案 1

您还需要将根证书添加到密钥库。


答案 2

当我删除这2行时,我得到了这个错误。如果您知道您的密钥库具有正确的证书,请确保您的代码正在查看正确的密钥库。

System.setProperty("javax.net.ssl.keyStore", <keystorePath>));
System.setProperty("javax.net.ssl.keyStorePassword",<keystorePassword>));

我还需要这个VM参数:有关更多详细信息,请参阅此处:https://stackoverflow.com/a/34311797/1308453-Djavax.net.ssl.trustStore=/app/certs/keystore.jk


推荐
更多 »
标签
更多 »
php pass-by-reference optional-parameters default-value javascript arrays dom function string object serialization tostring visibility syntax jslint use-strict operators equality equality-operator identity-operator datetime timestamp date-arithmetic redirect angularjs loops foreach iteration scope variables
推荐
更多 »