Warning: no suitable certificate found - continuing without client authentication
Question
Team, I am facing the following issue when trying to complete a mutual handshake using HTTPS:
main, READ: TLSv1.2 Handshake, length = 30
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA
Cert Authorities:
<Empty>
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
My Java class is as follows:
package cassandra.cass;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import javax.net.ssl.SSLContext;

import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.http.util.EntityUtils;

public class ClientCustomSSL {
    @SuppressWarnings("deprecation")
    public final static void main(String[] args) throws Exception {
        // Trust own CA and all self-signed certs
        final String CLIENT_KEYSTORE = "yourkeystore.jks";
        final String CLIENT_TRUSTSTORE = "catruststore.jks";
        final char[] KEYPASS_AND_STOREPASS_VALUE = "Hello1".toCharArray();
        System.setProperty("https.protocols", "TLSv1");
        //SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keystore, keyPassword)(YK,"Hello1".toCharArray(),"Hello1".toCharArray()).loadTrustMaterial(CA, "Hello1".toCharArray(), (TrustStrategy) new TrustSelfSignedStrategy()).build();
        KeyStore clientTrustStore = getStore(CLIENT_TRUSTSTORE, KEYPASS_AND_STOREPASS_VALUE);
        KeyStore clientKeyStore = getStore(CLIENT_KEYSTORE, KEYPASS_AND_STOREPASS_VALUE);
        // Key material = client certificate and private key; trust material = CAs the client accepts
        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(clientKeyStore, "Hello1".toCharArray())
                .loadTrustMaterial(clientTrustStore, (TrustStrategy) new TrustSelfSignedStrategy())
                .build();
        CloseableHttpClient httpclient = HttpClients.custom().setSSLContext(sslContext).build();
        System.out.println("SSLCONETXT **** " + sslContext.getProvider());
        try {
            HttpGet httpget = new HttpGet("https://myserver:10220");
            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                System.out.println("Inside TRY blcok");
                HttpEntity entity = response.getEntity();
                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                EntityUtils.consume(entity);
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }

    // Loads a JKS store from the classpath (i.e. from inside the jar)
    public static KeyStore getStore(final String storeFileName, final char[] password)
            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        final String JAVA_KEYSTORE = "jks";
        final KeyStore store = KeyStore.getInstance(JAVA_KEYSTORE);
        URL url = ClientCustomSSL.class.getClassLoader().getResource(storeFileName);
        String workingDir = System.getProperty("user.dir");
        System.out.println("Current working directory : " + workingDir);
        System.out.println("Value of URL *** " + url);
        InputStream inputStream = url.openStream();
        try {
            store.load(inputStream, password);
        } finally {
            inputStream.close();
        }
        return store;
    }
}
I am preparing a jar file and testing this from a UNIX box, using the following command:
java -Djavax.net.debug=ssl -cp snSSLclientTrustWithStoreCCC.jar cassandra.cass.ClientCustomSSL
I have followed the post "Why doesn't Java send the client certificate during SSL handshake?" and also completed all the steps mentioned by Bruno.
I am not sure what I am missing here. Any help will be appreciated.
Recommended answer
- The client was unable to find a certificate in its keystore that was signed directly or indirectly by any of the signers mentioned in the CertificateRequest message.
- The reason for that was that the server didn't specify any trusted signers in that message.
- Which in turn means that the server's truststore is empty.
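To check the client side of this exchange, the following added example (not code from the original post or answer) lists which entries in the client keystore are key entries with a certificate chain, then asks the JSSE key manager which alias it would pick for the key types in the CertificateRequest shown above with no issuer restriction. The class name ClientCertCheck, the command-line arguments, and the mapping of the logged cert types to the key type strings RSA, DSA and EC are assumptions; the key password is assumed to equal the store password, as in the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic, not part of the original post.
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        // Defaults are the file name and password used in the question.
        String path = args.length > 0 ? args[0] : "yourkeystore.jks";
        char[] pass = (args.length > 1 ? args[1] : "Hello1").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        // 1. Only key entries (private key + chain) can be used for client authentication.
        for (String alias : Collections.list(ks.aliases())) {
            boolean key = ks.isKeyEntry(alias);
            System.out.println(alias + ": " + (key ? "key entry" : "trusted certificate entry"));
            Certificate[] chain = ks.getCertificateChain(alias); // null for trusted cert entries
            if (chain == null) continue;
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("    " + x.getPublicKey().getAlgorithm()
                        + "  subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
        }

        // 2. Ask the key manager for a client alias. A null issuers array means
        //    "any issuer", matching the empty Cert Authorities list in the log.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        String[] keyTypes = {"RSA", "DSA", "EC"}; // assumed mapping of RSA, DSS, ECDSA
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String alias = ((X509KeyManager) km).chooseClientAlias(keyTypes, null, null);
                System.out.println(alias == null
                        ? "No alias chosen: the keystore holds no usable client key entry"
                        : "Key manager would present alias: " + alias);
            }
        }
    }
}
```

Run it against the same keystore file that is packaged in the jar, for example `java ClientCertCheck yourkeystore.jks Hello1`.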