首先让大家知道我是新手!
我有两个文件被添加到信任存储中,以使我们的Java应用程序可以与传真服务通信。一个是api.fax.crt,另一个是api.fax.ca。我一直以以下方式将证书添加到服务器:
cd /etc/pki/ca-trust/source/anchors/
aws s3 cp s3://BlahBlah/temp/api.fax.ca .
aws s3 cp s3://BlahBlah/temp/api.faxa.crt .
sudo update-ca-trust
sudo service tomcat restart
这似乎确实有效,但有时需要十分钟才能完成,有时甚至需要数小时。通过工作,我的意思是它使使用它的代码与最终传真服务通信我阅读了一下,发现可能应该将它们安装在JVM信任库中。我尝试了以下方法:
cd /usr/java/latest/lib/security/
aws s3 cp s3://BlahBlah/temp/api.fax.ca .
aws s3 cp s3://BlahBlah/temp/api.fax.crt .
sudo keytool -importcert -noprompt -trustcacerts -alias faxage -file api.fax.com.ca -keystore /usr/java/latest/lib/security/cacerts -storepass blahblah
sudo keytool -importcert -noprompt -trustcacerts -alias faxage2 -file api.fax.com.crt -keystore /usr/java/latest/lib/security/cacerts -storepass blahblah
sudo service tomcat restart
通过这种方式,我无法连接到传真服务。
有更好的方法吗?我应该将其添加到Java位置还是ca-trust位置?我应该同时添加ca和crt文件吗?为什么在第一个示例中延迟才能起作用?谢谢大家的见解!!!
FYI-我得到的错误如下。我查找了这些错误,发现的答案是将证书添加到“ / usr / java / latest / lib / security / cacert”密钥库中,但我尝试了,但它不起作用。
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br>
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)<br>
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)<br>
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)<br>
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)<br>
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)<br>
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)<br>
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)<br>
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)<br>
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)<br>
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:427)<br>
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)<br>
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)<br>
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)<br>
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)<br>
at java.base/java.io.BufferedOutputStream.write(BufferedOutputStream.java:122)<br>
at java.base/java.io.FilterOutputStream.write(FilterOutputStream.java:108)<br>
at org.apache.commons.httpclient.methods.ByteArrayRequestEntity.writeRequest(ByteArrayRequestEntity.java:90)<br>
And many more........
您还需要更新server.xml,以将其告知keystore的路径:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
文档的其余部分也可能有用