我坚持这一点的时间比我想承认的要长得多。我想使用 WebSphere Liberty 连接到 cloudant/couchdb。
我对 Java 应用程序开发、Liberty、Cloudant 和 Bluemix 还很陌生。
我认为我需要在本地信任库中为 cloudant 添加 SSL 证书,但唯一的方法似乎是使用 Websphere Application Server 集成解决方案控制台,我无法使用 Liberty 运行它?
如果有人能指导我正确的方向,我将不胜感激!
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, OU=Engineering, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store C:/Users/user/Liberty/usr/servers/simplespring2/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ERROR ] Failed to read cookie response header
java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, OU=Engineering, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store C:/Users/user/Liberty/usr/servers/simplespring2/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ERROR ] Failed to get response code from request
java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ERROR ] SRVE0777E: Exception thrown by application class 'db.CloudantClientMgr.getDB:128'
java.lang.RuntimeException: DB Not found
at db.CloudantClientMgr.getDB(CloudantClientMgr.java:128)
at servlets.LocationServlet.setLocation(LocationServlet.java:180)
at servlets.LocationServlet.doPost(LocationServlet.java:170)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1287)
at [internal classes]
Caused by: com.cloudant.client.org.lightcouch.CouchDbException: Error retrieving server response
at com.cloudant.client.org.lightcouch.CouchDbClient.execute(CouchDbClient.java:535)
at com.cloudant.client.org.lightcouch.CouchDbClient.executeToInputStream(CouchDbClient.java:550)
at com.cloudant.client.org.lightcouch.CouchDbClient.put(CouchDbClient.java:361)
at com.cloudant.client.org.lightcouch.CouchDbClient.put(CouchDbClient.java:351)
at com.cloudant.client.org.lightcouch.CouchDatabaseBase.create(CouchDatabaseBase.java:437)
at com.cloudant.client.org.lightcouch.CouchDatabaseBase.<init>(CouchDatabaseBase.java:61)
at com.cloudant.client.org.lightcouch.CouchDatabase.<init>(CouchDatabase.java:26)
at com.cloudant.client.org.lightcouch.CouchDbClient.database(CouchDbClient.java:165)
at com.cloudant.client.api.CloudantClient.database(CloudantClient.java:216)
at db.CloudantClientMgr.getDB(CloudantClientMgr.java:126)
... 6 more
Caused by (repeated) ... : javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.cloudant.client.org.lightcouch.CouchDbClient.execute(CouchDbClient.java:483)
... 15 more
Caused by: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:290)
at [internal classes]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 32 more
最佳答案
您需要将远程服务器证书添加到WAS trustStore
获取远程证书(例如:使用 Linux/Mac):
回声“” | openssl s_client -connect YOUR_REMOTE_SERVER:443 -showcerts 2>/dev/null | openssl x509 -out certfile.txt
将证书导入到 trustStore 文件:
keytool -import -alias ca -file certfile.txt -keystore trust.jks -storepass changeit
在您的 WAS server.xml
中使用此 JKS 信任库,将其复制到您的 WAS ({WLP}/usr/servers/{YOUR_SERVER}/resources/security
) 并将这些添加到您的 server.xml
例如:
<ssl id="defaultSSLSettings" sslProtocol="TLSv1.2" keyStoreRef="defaultKeyStore"
trustStoreRef="defaultTrustStore" />
<keyStore id="defaultKeyStore" location="${server.config.dir}/resources/security/key.jks"
password="changeit" />
<keyStore id="defaultTrustStore"
location="${server.config.dir}/resources/security/trust.jks" password="changeit" />
关于java - 使用 cloudant 的自由应用程序的 SSL 握手失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35352350/