First I downloaded the certificate:
echo "" | openssl s_client -connect io.lightstream.bitflyer.com:443 -showcerts 2>/dev/null | openssl x509 -out bitflyer.cer
Then I imported the certificate into the keychain:
keytool -import -file bitflyer.cer -alias bitflyer -keystore bitflyer.jks -storepass "abc123" -keypass "abc123"
So I am trying to connect to io.lightstream.bitflyer.com:443. Below is my full handshake:
Sending HTTP handshake! req=GET / HTTP/1.1
Host: io.lightstream.bitflyer.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Sec-WebSocket-Key: 0enPg4mnHvLcT6s7+4mEGA==
Origin: http://www.websocket.org
Sec-WebSocket-Version: 13
But then I get:
Caused by: sun.security.validator.ValidatorException: Certificate signature validation failed
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:215)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:289)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 16 more
Caused by: java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:449)
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:392)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:213)
... 21 more
Any ideas what I am doing wrong or how to debug this? Thanks!
Best answer
openssl s_client -connect io.lightstream.bitflyer.com:443
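The certificate you get here depends on the OpenSSL version. Up to 1.0.2 the server_name extension (SNI) was not used automatically (i.e. you had to explicitly use -servername), and without it the resulting certificate is a self-signed certificate for "Kubernetes Ingress Controller Fake Certificate". With SNI, though, the certificate is the proper one for "io.lightstream.bitflyer.com". My guess is that you actually added the certificate for "Kubernetes Ingress Controller Fake Certificate" while Java uses SNI and therefore gets the certificate for "io.lightstream.bitflyer.com". Or it might be the reverse, depending on the versions of your OpenSSL, Java and the actual Java code.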
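One way to check which of the two cases applies, as an added example that is not part of the original question or answer: fetch the leaf certificate once with SNI and once without, and compare the subjects. The function names, the port, and the names "site.example.test" and "Placeholder Default Certificate" are made up for the offline demo, which assumes OpenSSL 1.1.1 or later (for -noservername).

```shell
#!/usr/bin/env bash
# Added example: compare the certificate a TLS server presents with and
# without SNI. All names below are constructed for the local demo.

# leaf_subject HOST:PORT [SNI] -> subject line of the first certificate sent
leaf_subject() {
  # Rebuild the argument list: target plus either -servername NAME or -noservername
  if [ -n "${2:-}" ]; then set -- "$1" -servername "$2"
  else set -- "$1" -noservername; fi
  openssl s_client -connect "$@" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null
}

# sni_changes_cert HOST:PORT SNI -> prints both subjects; returns 0 if they differ
sni_changes_cert() {
  local with without
  with=$(leaf_subject "$1" "$2") || true
  without=$(leaf_subject "$1") || true
  printf 'with SNI:    %s\nwithout SNI: %s\n' "$with" "$without"
  [ -n "$with" ] && [ "$with" != "$without" ]
}

# mk_cert BASENAME CN -> throwaway self-signed certificate and key
mk_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# demo_local [PORT]: constructed offline test. A local s_server presents a
# placeholder certificate by default and switches to the named certificate
# only when the client sends SNI "site.example.test".
demo_local() {
  local port=${1:-18443} dir pid rc=0
  dir=$(mktemp -d)
  mk_cert "$dir/default" "Placeholder Default Certificate"
  mk_cert "$dir/site" "site.example.test"
  openssl s_server -accept "$port" -www \
    -cert "$dir/default.pem" -key "$dir/default.key" \
    -servername site.example.test \
    -cert2 "$dir/site.pem" -key2 "$dir/site.key" >/dev/null 2>&1 &
  pid=$!
  sleep 1   # give the server time to start listening
  sni_changes_cert "127.0.0.1:$port" site.example.test || rc=$?
  kill "$pid" 2>/dev/null || true
  rm -rf "$dir"
  return "$rc"
}
```

Against the host from the question the same comparison is `sni_changes_cert io.lightstream.bitflyer.com:443 io.lightstream.bitflyer.com`. Comparing both subjects with the owner shown by `keytool -list -v -keystore bitflyer.jks` tells you which certificate was actually imported.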
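Regarding java - trying to download and set up a certificate from a remote SSL address for a WebSocket connection, but getting a "Signature does not match" exception, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60818950/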