Rotating a certificate causes bad_certificate

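Our system calls an external web service over HTTPS. Today a tester replaced the HTTPS certificate on their own and then reported that the calls no longer went through. I helped track down the cause and am recording the troubleshooting process here.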

Checking the CXF log showed the following errors:

javax.xml.ws.soap.SOAPFaultException: Received fatal alert: bad_certificate

Caused by: org.apache.cxf.interceptor.Fault: Received fatal alert: bad_certificate

Caused by: com.ctc.wstx.exc.WstxIOException: Received fatal alert: bad_certificate

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1555) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:689) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:985) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:904) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) ~[na:1.6]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) ~[na:1.6]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) ~[na:1.6]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) ~[na:1.6.0_29]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) ~[na:1.6]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1840) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1798) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:68) ~[cxf-2.0.13.jar:2.0.13]
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96) ~[wstx-asl-3.2.4.jar:3.2.4]
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214) ~[wstx-asl-3.2.4.jar:3.2.4]
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311) ~[wstx-asl-3.2.4.jar:3.2.4]
... 62 common frames omitted

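This looked like a certificate problem, so I pulled the certificate off the server and inspected it with the keytool -list -v command. The configured CN was correct.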

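However, comparing the size of this certificate with that of the original certificate showed that they did not match, so it was clearly not the same certificate.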

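The other party's web service uses mutually authenticated (two-way) HTTPS, so the original certificate had already been imported into their truststore. The certificate was then temporarily replaced without being re-imported into the other party's truststore, so the other side does not accept the new certificate and the call cannot succeed.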
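A matching CN or file size does not identify a certificate; its fingerprint does. The following is an added example, not code from the original post: it checks whether the certificate the client now presents is one of the entries the peer imported. It assumes both sides have been exported to PEM (for example with keytool -exportcert -rfc) and that the peer trusts the client certificate itself rather than an issuing CA. The function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der_list(pem_text):
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]


def fingerprint(der):
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_rotation(client_pem, peer_trust_pem):
    """Return (trusted, client_fp, trusted_fps) for the presented certificate."""
    ders = pem_to_der_list(client_pem)
    if not ders:
        raise ValueError("no CERTIFICATE block in client PEM")
    client_fp = fingerprint(ders[0])  # first block is taken as the client cert
    trusted = {fingerprint(d) for d in pem_to_der_list(peer_trust_pem)}
    return client_fp in trusted, client_fp, sorted(trusted)


def _pem(der):
    """Wrap raw bytes in PEM armor (helper for the constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed stand-ins, not real X.509: two byte strings of equal length,
# so a size comparison would not tell them apart but the fingerprints do.
ORIGINAL = _pem(b"constructed stand-in: original client cert")
REPLACED = _pem(b"constructed stand-in: replaced client cert")
PEER_TRUST = ORIGINAL  # what the peer imported before the swap

if __name__ == "__main__":
    for name, pem in (("original", ORIGINAL), ("replaced", REPLACED)):
        ok, fp, _ = check_rotation(pem, PEER_TRUST)
        print(name, "trusted" if ok else "NOT in peer truststore", fp)
```

Running the same comparison before swapping a client certificate shows whether the peer's truststore must be updated first.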