【发布时间】:2019-06-12 11:47:26
【问题描述】:
我正在尝试使用 vertx 实现服务器和客户端之间的 SSL 连接。 我已经生成了服务器证书并存储在密钥库中,从密钥库中提取了证书并将其导入到信任库中。但是当我尝试将服务器连接到客户端时,出现以下错误: javax.net.ssl.SSLException:收到致命警报:certificate_unknown
生成的 keystore.jks 和 truststore.jks,我将它保存在单独的文件夹中,我在我的代码中引用了这个位置。
使用我在下面完成的 vertx, 服务器代码:
HttpServer server =vertx.createHttpServer(new HttpServerOptions().setSsl(true).setKeyStoreOptions(
new JksOptions().setPath("C:\\Desktop\\keystore.jks").setPassword("xxxxx")
));
// Creating HttpServer
server.requestHandler(router::accept).listen((int) configs.get(Constants.PORT));
客户端代码:
WebClientOptions options = new WebClientOptions();
options.setKeepAlive(config().getBoolean("webClient.keepAlive", true));
options.setMaxPoolSize(config().getInteger("webClient.maxPoolSize", 200));
options.setSsl(true);
options.setTrustStoreOptions(new JksOptions()
.setPath("C:/Desktop/truststore.jks")
.setPassword("xxxxx")
);
WebClient webClient = WebClient.create(vertx, options);
服务器端:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
客户端:
Caused by: java.security.cert.CertificateException: No name matching localhost found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
【问题讨论】:
-
您是否尝试过禁用主机名验证?