No X509TrustManager implementation available [SOAP Node IIB 10]

Problem description (votes: 0, answers: 1)

I am trying to use a SOAP Request node with an SSL web service. In my case, I downloaded the .cer certificate into a folder (E:\truststore), and I tried a few things:

mqsireportproperties integrationNodeName -o ComIbmJVMManager -a -e integration_server

mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n truststoreFile -v E:\truststore

mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n truststorePass -v integration_server::truststorePass

mqsisetdbparms IIBOAB -n integration_server::truststorePass -u na -p password

But I get this error:

Text:CHARACTER:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available

Can you help me? Thanks.

soap-client ibm-integration-bus
1 answer
0 votes

There can be several causes for your problem, so I will try to go over everything:

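Your commands for setting the keystore do not specify the keystore/truststore name. Also, as far as I remember, you set it on BrokerRegistry rather than on ComIbmJVMManager (but it may work). An example of valid commands: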

mqsichangeproperties $BROKERNAME -o BrokerRegistry -n brokerKeystoreFile -v $KEYSTORE_iib_PATH/iib.jks
mqsichangeproperties $BROKERNAME -o BrokerRegistry -n brokerTruststoreFile -v $KEYSTORE_iibTrust_PATH/iibTrust.jks
mqsisetdbparms $BROKERNAME -n brokerTruststore::password -u $KEYSTORE_USER -p $KEYSTORE_PASSWORD
mqsisetdbparms $BROKERNAME -n brokerKeystore::password -u $KEYSTORE_USER -p $KEYSTORE_PASSWORD

In addition, you may also need the following commands for the HTTP listener:

mqsichangeproperties $BROKERNAME -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n keystoreFile -v $KEYSTORE_iib_PATH/iib.jks
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n truststoreFile -v $KEYSTORE_iibTrust_PATH/iibTrust.jks
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n keystorePass -v $KEYSTORE_PASSWORD
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPListener  -n startListener -v true

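That is the Integration Bus part. Your second mistake (and probably the biggest one) is the fact that you do not know what a keystore/truststore is. Putting certificates in a repository is not a keystore. (Search for JKS: Java Key Store.)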

You can do the following to generate your truststore/keystore on Unix:

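keystoreName=iibTrust   # base name; the commands below append .jks
KEYSTORE_PASSWORD=123qwerty ## DO NOT USE THAT PLEASE
# Import every .cer file in the current directory as a trusted certificate
for certificate in *.cer
do
    [ -e "$certificate" ] || continue   # no .cer files matched the glob
    # Alias: file name without its extension, then its second '_'-separated field
    # (the whole name when it contains no '_')
    alias=$(echo "$certificate" | rev | cut -d '.' -f 2- | rev | cut -d '_' -f2)
    keytool -importcert -file "$certificate" -keystore "${keystoreName}.jks" -alias "$alias" -storepass "$KEYSTORE_PASSWORD" -noprompt
    if [[ $? -ne 0 ]]; then echo "Unable to add $certificate in keystore $keystoreName.jks"; fi
done
# List the entries to confirm what was imported
keytool -list -keystore "${keystoreName}.jks" -storepass "$KEYSTORE_PASSWORD"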

I basically copy/pasted all of my scripts for enabling SSL on IIB, so with all this information you should be able to get it working.
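
A pre-flight check for the point made in the answer above (a folder of .cer files is not a truststore), as an added example that is not part of the original answer. The function names are hypothetical, and it assumes a JKS truststore, recognised by its FE ED FE ED file magic.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check what a truststoreFile
# value really points at before handing it to mqsichangeproperties.

# classify_store PATH -> prints missing | directory | jks | jceks | pem | other
classify_store() {
    cs_path=$1
    if [ ! -e "$cs_path" ]; then echo missing; return 0; fi
    if [ -d "$cs_path" ]; then echo directory; return 0; fi
    # First four bytes as hex; a JKS file starts with the magic FE ED FE ED.
    cs_magic=$(head -c 4 "$cs_path" | od -An -tx1 | tr -d ' \n')
    case $cs_magic in
        feedfeed) echo jks ;;
        cececece) echo jceks ;;
        2d2d2d2d) echo pem ;;    # "----" as in "-----BEGIN CERTIFICATE-----"
        *)        echo other ;;  # e.g. a DER-encoded .cer or a PKCS#12 file
    esac
}

# check_truststore PATH [STOREPASS]
# Returns 0 if PATH is a JKS file (and, when STOREPASS is given and keytool
# is installed, the store opens with that password); non-zero otherwise.
check_truststore() {
    ct_path=$1
    ct_pass=${2:-}
    ct_kind=$(classify_store "$ct_path")
    if [ "$ct_kind" != jks ]; then
        echo "FAIL: $ct_path is '$ct_kind', not a JKS truststore" >&2
        return 1
    fi
    if [ -n "$ct_pass" ] && command -v keytool >/dev/null 2>&1; then
        if ! keytool -list -keystore "$ct_path" -storepass "$ct_pass" >/dev/null 2>&1; then
            echo "FAIL: keytool cannot open $ct_path with this password" >&2
            return 2
        fi
    fi
    echo "OK: $ct_path looks like a usable JKS truststore"
}

# Run as: sh check_truststore.sh /path/to/iibTrust.jks 'storepass'
if [ "$#" -gt 0 ]; then check_truststore "$@"; fi
```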
