HTTPS 上的 Weblogic 服务器 SSL 问题

Question

我使用的是 weblogic 10.3.6，我已将应用程序 A 和 B 部署到同一个盒子但不同的服务器实例中。

两台服务器都为 SSL 配置中的两种客户端证书行为选择“未请求客户端证书”。

每次我们重新启动服务器时，它都会在同一天正常工作。但是从第二天开始，当应用程序 A 尝试向应用程序 B 调用 https 服务器请求时，我收到以下错误。

Weblogic 服务器日志跟踪：

    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 455813> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will  be Muxing> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <20666515 SSL Version 2 with no padding> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 SSL3/TLS MAC> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 received SSL_20_RECORD> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ClientHelloV2> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 58> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 4809> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 4> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 SSL3/TLS MAC> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <21699288 received ALERT> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 46
    java.lang.Exception: New alert stack
        at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
        at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
        at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
        at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
        at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    > 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@925980> 
    <Apr 15, 2014 10:32:34 AM SGT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from serverB- 192.168.1.XXX. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <close(): 20666515> 
    <Apr 15, 2014 10:32:34 AM SGT> <Debug> <SecuritySSL> <BEA-000000> <close(): 20666515> 

Answer 1

您是使用 apache 代理 (mod_weblogic)，还是将请求直接发送到 weblogic 服务器。如果第二个选项为真，则必须确保服务器上有正确的证书。都必须有效。

同时尝试勾选/取消勾选“使用 JSSE SSL”：

Domain -> Servers -> choose managed node -> Configuration -> SSL -> Advanced -> Use JSSE SSL