替换证书，造成bad_certificate

kyfxbl

浏览: 1861463 次
性别:
来自: 深圳

最近访客更多访客>>

xiaonn2007

xiong555666

kkjjww123

caiqi

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

web service

bad_certificate cxf https web service

系统调用外部的web service，走https方式，今天测试人员自己替换了https证书之后，说调用不通了，我协助定位了一下，在此记录一下定位过程，作为记录

查看cxf日志，发现以下错误信息：

javax.xml.ws.soap.SOAPFaultException: Received fatal alert: bad_certificate

Caused by: org.apache.cxf.interceptor.Fault: Received fatal alert: bad_certificate

Caused by: com.ctc.wstx.exc.WstxIOException: Received fatal alert: bad_certificate

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1555) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:689) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:985) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:904) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) ~[na:1.6]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) ~[na:1.6]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) ~[na:1.6]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) ~[na:1.6.0_29]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) ~[na:1.6]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1840) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1798) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:68) ~[cxf-2.0.13.jar:2.0.13]
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96) ~[wstx-asl-3.2.4.jar:3.2.4]
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214) ~[wstx-asl-3.2.4.jar:3.2.4]
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311) ~[wstx-asl-3.2.4.jar:3.2.4]
... 62 common frames omitted

感觉是证书的问题，于是从服务器上取下证书，用keytool -list -v 命令看了一下，配置的CN是正确的

但是比对了一下这个证书和原始证书的大小，发现不符合，显然不是同一份证书

因为对方的web service是双向认证https的，所以原先的证书信息，已经导入到对方的truststore里了。现在临时替换了一个证书，没有重新导入对方的truststore中，因此对方不接受新的证书，造成调用无法成功

分享到：

镜像环境、代码分支、版本发布 | cxf配置http:conduit

2012-05-14 21:47
浏览 5400
评论(0)
分类:企业架构
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论