证书签名验证失败 [英] Certificate signature validation failed
问题描述
我的网站托管在亚马逊上。它建立在java 1.4.2_13的微软版本上。我注意到电子邮件没有出去。我没有对代码进行任何更改。我在亚马逊的网站上找到了这个文件,并按照他们的指示发现我们的java环境没有通过测试。所以,我导入了新的ssl根证书。我可以验证它是否在密钥库中,但是当我运行其shaTest并且仍然没有发送电子邮件时,我收到以下错误消息。任何帮助表示赞赏。谢谢!
My website is hosted on Amazon. It is built on the microsoft version of java 1.4.2_13. I noticed emails were not going out. I had not made any changes to the code. I found this document on amazon's site and followed their directions to find out that our java environment did not pass the test. So, I imported the new ssl root certificate. I can verify that it is in the keystore, but I get the following error message when I run their shaTest and emails are still not being sent. Any help is appreciated. Thanks!
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature validation failed
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.URLConnection.getContent(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(Unknown Source)
at java.net.URL.getContent(Unknown Source)
at ShaTest.main(ShaTest.java:11)
Caused by: sun.security.validator.ValidatorException: Certificate signature validation failed
at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 14 more
Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.11 Signature not available
at java.security.Security.getEngineClassName(Unknown Source)
at java.security.Security.getEngineClassName(Unknown Source)
at java.security.Security.getImpl(Unknown Source)
at java.security.Signature.getInstance(Unknown Source)
at sun.security.x509.X509CertImpl.verify(Unknown Source)
at sun.security.x509.X509CertImpl.verify(Unknown Source)
... 18 more
推荐答案
Java本身得到了在1.4.2中支持SHA256,但Microsoft Java可能不支持 - 特别是因为它已经停止了很长时间。 您或许可以使用bouncycastle 。
Java itself got SHA256 support in 1.4.2, but the Microsoft Java may not- especially because it's been discontinued for a long time. You might be able to use bouncycastle.
注意Java 1.4出现在 2002 中。那是14年前的事了。那应该是一个巨大的红旗;我不会在连接到互联网的任何机器上运行它。
Note Java 1.4 came out in 2002. That's 14 years ago. That should be a huge red flag; I wouldn't run that on any machine connected to the Internet.
这篇关于证书签名验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
