67,513
社区成员
发帖
与我相关
我的任务
分享OpenJDK和Sun标准JDK导入证书的不同
最近在开发一个项目,需要导入一个网站的证书到JDK。
本地用的是sun的标准JDK 1.8,导入证书到JDK后没问题,可以访问该网站。
但是把代码上传到jenkins服务器跑测试的时候出bug了,服务器那边用的是OpenJDK 8。
bug如下:
16:51:47 burp:javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
16:51:47 burp:at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
16:51:47 burp:at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
16:51:47 burp:at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
16:51:47 burp:at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
16:51:47 burp:at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
16:51:47 burp:at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
16:51:47 burp:at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
16:51:47 burp:at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
16:51:47 burp:at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
16:51:47 burp:at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
16:51:47 burp:at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
16:51:47 burp:at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
16:51:47 burp:at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
16:51:47 burp:at com.sap.sme.sec.dynamic.simulator.SamlLoginHandlerImpl.login(SamlLoginHandlerImpl.java:66)
16:51:47 burp:at com.sap.sme.sec.dynamic.scanner.LoginManager.LoginSystemInternal(LoginManager.java:46)
16:51:47 burp:at burp.BurpExtender.setCommandLineArgs(BurpExtender.java:109)
16:51:47 burp:at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:51:47 burp:at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
16:51:47 burp:at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:51:47 burp:at java.lang.reflect.Method.invoke(Method.java:498)
16:51:47 burp:at burp.l0g.run(Unknown Source)
16:51:47 burp:at java.lang.Thread.run(Thread.java:745)'
查看了OpenJDK的证书链,根证书也都在。。。不知道为啥会这样。。
本地用的是sun的标准JDK 1.8,导入证书到JDK后没问题,可以访问该网站。
但是把代码上传到jenkins服务器跑测试的时候出bug了,服务器那边用的是OpenJDK 8。
bug如下:
16:51:47 burp:javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
16:51:47 burp:at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
16:51:47 burp:at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
16:51:47 burp:at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
16:51:47 burp:at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
16:51:47 burp:at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
16:51:47 burp:at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
16:51:47 burp:at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
16:51:47 burp:at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
16:51:47 burp:at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
16:51:47 burp:at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
16:51:47 burp:at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
16:51:47 burp:at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
16:51:47 burp:at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
16:51:47 burp:at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
16:51:47 burp:at com.sap.sme.sec.dynamic.simulator.SamlLoginHandlerImpl.login(SamlLoginHandlerImpl.java:66)
16:51:47 burp:at com.sap.sme.sec.dynamic.scanner.LoginManager.LoginSystemInternal(LoginManager.java:46)
16:51:47 burp:at burp.BurpExtender.setCommandLineArgs(BurpExtender.java:109)
16:51:47 burp:at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:51:47 burp:at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
16:51:47 burp:at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:51:47 burp:at java.lang.reflect.Method.invoke(Method.java:498)
16:51:47 burp:at burp.l0g.run(Unknown Source)
16:51:47 burp:at java.lang.Thread.run(Thread.java:745)'
查看了OpenJDK的证书链,根证书也都在。。。不知道为啥会这样。。
...全文
请发表友善的回复…
发表回复
wzy1870763 2016-12-02
- 打赏
- 举报
问题解决了。
我只导入了网站本身的证书,这个网站证书格式是这样的。
Root CA
|---Net CA
|--网站自己的证书
根证书ROOT CA和NET CA我都没导,不清楚为什么在本地跑没问题,在同事机子上也是没问题的。但到了jenkins上就暴露了,可能还是JDK的原因吧。
现在把三层证书都import进去就好了。
希望给遇到同类问题的一点借鉴。
wzy1870763 2016-12-02
- 打赏
- 举报
换过了,还是报错,检查JDK的信任链表,根证书也都在。。。不知道为啥。。
tianfang 2016-12-01
- 打赏
- 举报
最简单的办法是删除openjdk(或屏蔽路径),安装oracle的jdk,统一环境才好
