I have trouble with SSL and need your help, thanks a lot!

wooddoor 2004-06-10 11:18:03
Hello everyone!
I have trouble with SSL and need your help, thanks a lot!
I use Tomcat 4.0 + SSL + SOAP to translate data, and get an exception as below:

Error opening socket: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

Here is my simple code. I send data two times: once to 172.16.4.201 and once to 172.16.4.62. When sending to 201, the certificate used is "c:\\test\\myKeystore". When sending to 62, the certificate used is c:\\test\\abc:

/** Here is the first send */
Send send1 = Send.getInstance();
Info info1 = new Info();
info1.setTransContent("aaaaaaaaaaaaaa");
info1.setCertificateKeyStore("c:\\test\\myKeystore");
info1.setUseHttps(true);
info1.setTargetSystem(
    "https://172.16.4.201:8443/soap/servlet/rpcrouter");
try {
    send1.sendString(info1);
} catch (Exception e) {
    e.printStackTrace();
}

/** Here is the second send */
Send send = Send.getInstance();
Info info = new Info();
info.setTransContent("bbbbbbbbbbbbbbb");
info.setCertificateKeyStore("c:\\test\\abc");
info.setUseHttps(true);
info.setTargetSystem(
    "https://172.16.4.62:8443/soap/servlet/rpcrouter");
try {
    send.sendString(info);
} catch (Exception e) {
    e.printStackTrace();
}

This code was written in my Java application. When I run it, I get the error above, saying that no trusted certificate was found. But if I run only the first send, or only the second send, it is OK, with no error. Why?

I think maybe the first send uses one certificate and the system then caches its content, so when I send the second time, which needs the other certificate, the system still uses the first certificate.
I use the code below to remove the cache:
System.setProperty("networkaddress.cache.ttl","0");
But it has no effect!


By the way, I use
System.setProperty("javax.net.debug","all");
And in the debug info, I saw that the system reads the certificate chain two times, and each time it is not the same. That is to say, the system has read two different certificates, but why does it still say "No trusted certificate found"?
wooddoor 2004-06-22
The reason for the error is that when connecting to the two computers, I used two different certificates.
I changed it to use only one certificate, just copying one certificate to both computers. It's OK!
---Thanks very much!
usabcd 2004-06-11
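I don't know exactly what your info.setCertificateKeyStore method does.
Actually, you only need to set two system properties:
System.setProperty("javax.net.ssl.trustStore", "yourTrustStoreFileName");
System.setProperty("javax.net.ssl.trustStorePassword", "yourTrustStorePassword");
Remove the other code and try setting only these two properties.
Strange, why does a single client need two keystores? Wouldn't it be enough to use one keystore and import the two servers' certificates into it?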
wooddoor 2004-06-11
I don't think the problem is a wrong certificate.
Because if I send to one machine alone, there is no problem. Only when I send data to two machines at the same time does the problem occur.
I use keytool to generate the certificate. With the certificate, I can send data to one computer without any error. Only when I send data to more than one computer, such as two computers, at the same time, is there an error.

Maybe when I send data to two computers at the same time, the system initializes and caches the first certificate's content, and when I send the data to the other computer, the system still uses the first certificate, so I get an error saying "No trusted certificate found". I don't know whether this is the reason.

After I use System.setProperty("javax.net.debug","all"); I can see this information.
For the first send it shows:
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: c:\t\myKeystore
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=a, OU=b, O=c, L=d, ST=e, C=f
Issuer: CN=a, OU=b, O=c, L=d, ST=e, C=f
Algorithm: RSA; Serial number: 0x40c67e6c
Valid from Wed Jun 09 11:05:16 CST 2004 until Tue Sep 07 11:05:16 CST 2004

init context
trigger seeding of SecureRandom
done seeding SecureRandom

But for the second send it is not shown.
Why?
usabcd 2004-06-10
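I don't know what exactly your Send and Info do. SSL is a standard encryption protocol; normally you don't need to write extra code for encryption and decryption, you only need to configure the system environment properly.
However, the error above usually occurs because the server's certificate has not been imported into your client keystore. Check the contents of your keystore and you will know.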
c:\\test\\myKeystore

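Added example, not code from any poster in this thread: the debug trace above shows the trust store being initialised only on the first send, which matches JSSE's default SSLContext reading javax.net.ssl.trustStore once and keeping it for the life of the JVM. The sketch below follows usabcd's suggestion of a single trust store holding both servers' certificates, built in memory from the two keystore files named in the question; the class name and the password "changeit" are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class MergedTrustStore {
    // Load one JKS file from disk.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Copy every certificate from the given stores into one in-memory trust store.
    static KeyStore merge(KeyStore... stores) throws Exception {
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null); // start empty
        int n = 0;
        for (KeyStore ks : stores) {
            for (String alias : Collections.list(ks.aliases())) {
                Certificate cert = ks.getCertificate(alias);
                if (cert != null) merged.setCertificateEntry("server-" + n++, cert);
            }
        }
        return merged;
    }
    // Build an SSLContext that trusts exactly the certificates in `trust`,
    // independent of the javax.net.ssl.trustStore system property.
    static SSLContext contextFor(KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // placeholder password (assumption)
        SSLContext ctx = contextFor(merge(load("c:\\test\\myKeystore", pw), load("c:\\test\\abc", pw)));
        for (String host : new String[] {"172.16.4.201", "172.16.4.62"}) {
            // Raw SSLSocket: validates the certificate chain only; hostname checking is a separate step.
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 8443)) {
                s.startHandshake();
                System.out.println(host + " trusted: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```

Because the context is built explicitly, both handshakes validate against the same merged set of certificates regardless of which target is contacted first.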