SoapUI无法连接HTTPS(SSLPeerUnverifiedException) [英] SoapUI fails to connect HTTPS (SSLPeerUnverifiedException)
问题描述
我需要测试部署在HTTPS端点上部署的预发布环境的Web服务。不幸的是,SoapUI失败了 SSLPeerUnverifiedException:peer not authenticated
exception。我使用了4.6.4和非常新的5.0版本。
I need to test web service that is being deployed to pre-release environment that is deployed on HTTPS endpoint. Unfortunatelly SoapUI fails with SSLPeerUnverifiedException: peer not authenticated
exception. I used both versions 4.6.4 and very fresh 5.0.
环境:
端点是https,startcom证书,网络使用代理(但相同的问题没有代理与不同的网络)
endpoint is https, startcom certificate, network uses proxy (but same issue without proxy with different network)
我花了很多时间,也许每天谷歌搜索解决方案。特别是这个链接看起来很有希望: https://forum.soapui.org/viewtopic .php?f = 13& t = 20866
I have spent many hours, maybe a day googling for a solution. Especially this link looked promising: https://forum.soapui.org/viewtopic.php?f=13&t=20866
我通过firefox提取了端点证书并让它信任。所以我从soapui JVM安装中修改了 cacerts
:
I extracted endpoint certificate via firefox and let it trust. So I modified cacerts
from soapui JVM installation:
..\SoapUI-4.6.4\jre\lib\security>keytool -import -alias HOSTNAME
-file endpoint.crt -keystore cacerts -storepass changeit
重新启动然后重新测试 - 失败。
Restart and then retested - fail.
然后我采取了不同的方法让SoapUI JVM信任所有StartCom证书。
Then I took different approach and let SoapUI JVM trust all StartCom certificates.
keytool -import -trustcacerts -alias startcom.ca -file ca.crt -keystore cacerts
keytool -import -alias startcom.ca.sub -file sub.class1.server.ca.crt -keystore cacerts
重新启动并再次失败。我现在还能做什么?
Restart and failed again. What else shall I do now?
编辑
2014-05-30 08:39:53,782 ERROR [errorlog] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:446)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:499)
at com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory.createLayeredSocket(SoapUISSLSocketFactory.java:268)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:200)
at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:277)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:142)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:758)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:565)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:238)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:348)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:318)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:232)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
SSL调试:
adding as trusted cert:
Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Algorithm: RSA; Serial number: 0x1
Valid from Sun Sep 17 21:46:36 CEST 2006 until Wed Sep 17 21:46:36 CEST 2036
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Thread-20, WRITE: TLSv1 Handshake, length = 186
Thread-20, READ: TLSv1 Alert, length = 2
Thread-20, RECV TLSv1 ALERT: warning, unrecognized_name
SSL - handshake alert: unrecognized_name
Thread-20, handling exception: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
Thread-20, SEND TLSv1 ALERT: fatal, description = unexpected_message
Thread-20, WRITE: TLSv1 Alert, length = 2
Thread-20, called closeSocket()
Thread-20, IOException in getSession(): javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
09:16:12,482 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
推荐答案
好的,此问题的解决方法是设置
Ok, the fix for this problem is to set
-Djsse.enableSNIExtension=false
in $ SOAPUI_HOME / bin / soapui.bat
原因在此答案中描述: https ://stackoverflow.com/a/14884941/1639556
The reason is described in this answer: https://stackoverflow.com/a/14884941/1639556
摘要:
Java 7介绍了默认启用的SNI支持。我发现某些配置错误的服务器在SSL握手中发出无法识别的名称警告,大多数客户端都会忽略该警告......除了Java。
Java 7 introduced SNI support which is enabled by default. I have found out that certain misconfigured servers send an "Unrecognized Name" warning in the SSL handshake which is ignored by most clients... except for Java.
更新:对于SoapUI 5.2.1我必须更改文件 SoapUI-5.2.1.vmoptions
因为修改 bat
文件无效。
Update: for SoapUI 5.2.1 I had to alter a file SoapUI-5.2.1.vmoptions
because modifying bat
file did not help.
这篇关于SoapUI无法连接HTTPS(SSLPeerUnverifiedException)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!