WebLogic 12 SSLKeyException:重新启动后主机名验证失败 [英] WebLogic 12 SSLKeyException: Hostname verification failed after restart

问题描述

我在 WebLogic 12.1.2.0.0 上部署了一个 WAR 文件.应用程序通过 HTTPS 调用 Web 服务.在 DemoTrust.jks 中导入证书.所有 SSL 相关设置都应该正确.实际上它可以工作，但是在服务器重新启动后它不能工作大约 15-20 分钟，之后它又开始工作.在此期间，控制台会打印以下错误:

I have a WAR file deployed on WebLogic 12.1.2.0.0. Application calls a web service via HTTPS. Certificate is imported in DemoTrust.jks. All SSL related settings should be correct. And actually it works but after the server is restarted it does not work for about 15-20 minutes, after that it starts working again. During this period the following errors are printed in console:

<Warning> <Security> <BEA-090504> <Certificate chain received from xxx.xxxxxxxx.xxx.com - 
167.107.80.230 failed hostname verification check. Certificate contained xxx.xxxxxxxx.xxx.com 
but check expected xxx.xxxxxxxx.xxx.com>

在收到警告后:

javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: Hostname verification failed: 
HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier,hostname=xxx.xxxxxxxx.xxx.com.

在上面的警告中，包含的域和预期的域是相同的.

In the warning above contained and expected domains are identical.

感谢您的帮助！

-E

推荐答案

如果这是证书名称中的通配符问题(例如 weblogic 默认验证程序不认为 *.salesforce.com 的证书涵盖 cs86.salesforce.com)，WebLogic 实际上提供了一个自定义验证器来使用:weblogic.security.utils.SSLWLSWildcardHostnameVerifier.此值应在 Console -> 中的服务器 SSL 配置中输入.服务器->{服务器名称} ->SSL->高级->自定义主机名验证器

If this is an issue with wildcards in the certificate name (e.g. weblogic default verifier doesn't think the certificate for *.salesforce.com covers cs86.salesforce.com), WebLogic actually provides a custom verifier to use: weblogic.security.utils.SSLWLSWildcardHostnameVerifier. This value should be entered in the SSL configuration for the server in Console -> Servers -> {Server Name} -> SSL -> Advanced -> Custom Hostname Verifier

这篇关于WebLogic 12 SSLKeyException:重新启动后主机名验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！