SSL HandShake exception


Problem description

I use an SSL connection to connect a web client to a server. It worked without any problem for a long time, but since yesterday it gives the following error. Can anyone tell me the reason?

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1172)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
        at net.schubart.fixme.internal.MessageInput.readExactly(MessageInput.java:166)
        at net.schubart.fixme.internal.MessageInput.readMessage(MessageInput.java:78)
        at cc.aot.itsWeb.ClientWriterThread.run(ClientWriterThread.java:241)
        at java.lang.Thread.run(Thread.java:619)
clientWriter.ready
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1586)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:865)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
        at java.io.OutputStream.write(OutputStream.java:58)
        at net.schubart.fixme.internal.Message.write(Message.java:267)
        at net.schubart.fixme.internal.MessageOutput.writeMessage(MessageOutput.java:53)

Recommended answer

The problem you're having is with the certificates. Here is a list of things you might need to be familiar with before working with a secure SSL program. There must be a truststore, keystore, and the certs have to be added. To add the key to your cacerts file, as in step 6, the computer might ask you for a password that you don't know. It is most likely "changeit".

1) To create a new keystore and self-signed certificate with corresponding public/private keys:

 keytool -genkeypair -alias "username" -keyalg RSA -validity 7 -keystore keystore

2) Examine the keystore:

keytool -list -v -keystore keystore

3) Export and examine the self-signed certificate:

keytool -export -alias "username" -keystore keystore -rfc -file "username".cer

4) Import the certificate into a new truststore:

keytool -import -alias "username" -file "username".cer -keystore truststore

5) Examine the truststore:

keytool -list -v -keystore truststore

6) Add to the keystore (this is what you want):

sudo keytool -import -file "username".cer -alias "username" -keystore "path-to-keystore"

On some systems, it can be found at

/usr/lib/jvm/<java version folder>/jre/lib/security/cacerts

and on other systems it is something like

/etc/ssl/certs/java/cacerts

Check out this project on GitHub if you need more clarification: https://github.com/rabbitfighter81/JSSLInfoCollectionServer And here is a shell script that helps with keys: https://github.com/rabbitfighter81/SSLKeytool
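
Added example (not part of the original answer or the linked projects): step 1 creates a certificate with `-validity 7`, i.e. seven days, so when a handshake that used to work starts failing it is worth listing every certificate in the keystore or truststore with its expiry status. The class name `CertExpiryCheck`, the single file argument and the 30-day warning threshold are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.concurrent.TimeUnit;

// Hypothetical helper: java CertExpiryCheck <keystore-or-truststore-file>
public class CertExpiryCheck {

    // Classify one certificate against the given point in time.
    static String status(X509Certificate cert, Date now) {
        try {
            cert.checkValidity(now);
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT YET VALID";
        }
        long millisLeft = cert.getNotAfter().getTime() - now.getTime();
        long days = TimeUnit.MILLISECONDS.toDays(millisLeft);
        // 30 days is an arbitrary warning threshold chosen for this example.
        return (days < 30 ? "EXPIRES SOON" : "OK") + " (" + days + " days left)";
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java CertExpiryCheck <store-file> (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password so it does not appear in the process list.
        char[] password = console.readPassword("Store password: ");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        }
        Date now = new Date();
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.printf("%-24s notAfter=%s  %s%n",
                        alias, x509.getNotAfter(), status(x509, now));
            }
        }
    }
}
```

Run it against both the keystore and the truststore on each side of the connection, since either peer can reject the other's certificate.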
