我使用 SSL 连接将 Web 客户端连接到服务器。它可以长时间正常工作。但是从昨天开始它给出了以下错误任何人都可以告诉我原因。
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1172)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
at net.schubart.fixme.internal.MessageInput.readExactly(MessageInput.java:166)
at net.schubart.fixme.internal.MessageInput.readMessage(MessageInput.java:78)
at cc.aot.itsWeb.ClientWriterThread.run(ClientWriterThread.java:241)
at java.lang.Thread.run(Thread.java:619)
clientWriter.ready
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1586)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:865)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.OutputStream.write(OutputStream.java:58)
at net.schubart.fixme.internal.Message.write(Message.java:267)
at net.schubart.fixme.internal.MessageOutput.writeMessage(MessageOutput.java:53)
最佳答案
您遇到的问题与证书有关。以下是您在使用安全 SSL 程序之前可能需要熟悉的事项列表。必须有一个信任库、 keystore ,并且必须添加证书。 要将 key 添加到您的 cacerts 文件,如第 6 步,计算机可能会要求您提供您不知道的密码。它很可能是“改变”
1) 使用相应的公钥/私钥创建新的 keystore 和自签名证书:
keytool -genkeypair -alias "username" -keyalg RSA -validity 7 -keystore keystore
2) 检查 keystore :
keytool -list -v -keystore keystore
3) 导出并检查自签名证书:
keytool -export -alias "username" -keystore keystore -rfc -file "username".cer
4) 将证书导入新的信任库:
keytool -import -alias "username" -file "username".cer -keystore truststore
5) 检查信任库:
keytool -list -v -keystore truststore
6) 添加到 keystore (这是你要找的):
sudo keytool -import -file "username".cer -alias "username" -keystore "path-to-keystore"
在某些系统上,这是在
中找到的/usr/lib/jvm/<java version folder>/jre/lib/security/cacerts
在其他系统上是这样的
/etc/ssl/certs/java/cacerts
如果您需要更多说明,请查看 Git-Hub 上的这个项目: https://github.com/rabbitfighter81/JSSLInfoCollectionServer 这是一个帮助处理 key 的 shell 脚本。 https://github.com/rabbitfighter81/SSLKeytool
关于java - SSL 握手异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3775483/