java - 无法访问位于 HTTPS 负载均衡器后面的 HTTPS Web 服务

Question

我正在开发一个 Web 服务客户端来访问位于 HTTPS 负载均衡器后面的 HTTPS Web 服务。但我遇到了异常(exception)。

    com.sun.xml.internal.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.
    java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl
    java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl?wsdl

HOST和PORT是负载均衡器的IP地址和端口。

我可以从浏览器访问此 URL - https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl

但不是这个 - https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl?wsdl

我使用此代码忽略证书 -

    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager(){
        public X509Certificate[] getAcceptedIssuers(){return null;}
        public void checkClientTrusted(X509Certificate[] certs, String authType){}
        public void checkServerTrusted(X509Certificate[] certs, String authType){}
    }};

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        ;
    }

这是完整的堆栈跟踪:

    [ERROR   ] SRVE0777E: Exception thrown by application class 'com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex:196'
    com.sun.xml.internal.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.

    java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl
    java.io.IOException: Got java.security.cert.CertificateException: No subject alternative names present while opening stream from https://HOST:PORT/itim/services/WSSessionService/WEB-INF/wsdl/WSSessionService.wsdl?wsdl

at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:196)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:168)
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:133)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:272)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:235)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:183)
at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
at javax.xml.ws.Service.<init>(Service.java:89)
at com.ibm.itim.ws.services.WSSessionService_Service.<init>(WSSessionService_Service.java:50)
at examples.ws.GenericWSClient.getSessionService(GenericWSClient.java:150)
at examples.ws.MyServlet.doGet(MyServlet.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1240)
at [internal classes]

Answer 1

创建一个自签名证书，如下所示:
keytool -genkey -alias YOUR_ALIAS -keyalg RSA -keystore YOUR_PATH_KS

当它询问您“名字和姓氏”时，请输入您的HOST_NAME

从新创建的 key 存储中导出证书:
keytool -exportcert -alias -file YOUR_PATH_CERTIFICATE -keystore YOUR_PATH_KS

导入您的证书到“受信任的 Ca 证书”

cd %JAVA_HOME%\jre\lib\security
keytool -import -trustcacerts -keystore cacerts -alias YOUR_HOSTNAME -file YOUR_PATH_CERTIFICATE