SSLPeerUnverifiedException尝试上传期间 [英] SSLPeerUnverifiedException During attempted upload
问题描述
使用ssl尝试将文件上传到Alfresco服务器时,服务器日志不会显示任何错误.可以从客户端日志中提取以下错误.
When attempting a file upload to an Alfresco Server using ssl the server logs show no errors. The below error can be pulled from the clients logs.
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
证书已检查且有效. 从该错误中可以判断出该错误是否是在SSL握手的服务器端或客户端发生的吗?
Certificates have been checked, and are valid. From this error is it possible to tell if the error is occuring on the server or client side of the ssl handshake?
我会假设它是客户端,因为服务器未显示任何日志条目,但对我的回答不满意.可能是客户端的服务器证书无效,需要将其重新导入为受信任的源吗?
I would assume that it is client side since the server shows no log entries but am not confident in my answer. Could it be that the client has an invalid certificate for the server, and it needs to be reimported as a trusted source?
新信息:
用于 SSLPeerUnVerifedException 提到对等方无法识别自己.".因此,我被认为是我的猜测,认为需要在客户端计算机上解决某些问题?
The javadoc for SSLPeerUnVerifedException mentions that "the peer was not able to identify itself.". So I am led to believe that my guess stands that something needs to be addressed on the client machine?
我不确定这种问题是否属于此处或有关Serverfault的问题,但随时可以投票提出.
I am unsure if this kind of question belongs here or on Serverfault, but feel free to vote to move.
我还以另一种方式对ServerFault提出了问题
I have also floated the question over on ServerFault in a different fashion.
推荐答案
Alfresco不会发布受信任的(!= valid)证书,并且开箱即用的基于SSL的唯一通信是在存储库和solr(自露天矿4.0起).
Alfresco does not ship a trusted (!=valid) certificate and the only SSL based communication used out of the box is between the repository and solr (since alfresco 4.0).
尽管如此,症状看起来非常像客户端不接受服务器提供的不受信任的证书.有效期(以有效期为准)是另外一回事.
Nevertheless, the symptoms pretty much look like the client does not accept an untrusted certificate presented by the server. Validity (as in expiration date) is a different story.
无论如何,必须准备好"相当普遍使用的apache httpclient来接受和使用不受信任的证书.您绝对应该检查 http://javaskeleton.blogspot.com /2010/07/avoiding-peer-not-authenticated-with.html (如果您正在使用的话).通常,您仅导入不受信任的证书.我不知道导入受信任证书的任何理由.
Anyways, the fairly commonly used apache httpclient has to be "prepared" to accept and work with untrusted certificates. You should definitely check http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html if you are using it. Usually, you only import untrusted certificates. I don't know any reason to import trusted ones.
这篇关于SSLPeerUnverifiedException尝试上传期间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
