IBM Liberty 和 Cloudant 之间的 SSL 握手失败
SSL Handshake Failure between IBM Liberty and Cloudant
我是 运行 IBM Liberty 服务器(在 IBM Container 上),在 https 中带有自签名证书(在 server.xml 中描述)。
我正在连接到 IBM cloudant 数据库以满足数据库需求。在我将 liberty 服务器切换到 https 之前一切正常。我收到以下异常
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
我按照此处 https://www.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/t_install_datastore_config_certificates.html 的文档将 openssl s_client -connect cloudant.com:443 -showcerts > cloudant.cert 生成的 cloudant 证书导入 liberty truststore,但这并没有解决问题。
感谢您的帮助。
尝试使用:openssl s_client -connect xxxxx-bluemix.cloudant.com:443 其中 xxxxx-bluemix.cloudant.com 指的是您的 Bluemix Cloudant 服务实例。
您可以通过从 Cloudant 服务实例启动 Bluemix 中的 Cloudant 仪表板来获取服务实例域。单击右上角的 API 选项卡。
我是 运行 IBM Liberty 服务器(在 IBM Container 上),在 https 中带有自签名证书(在 server.xml 中描述)。
我正在连接到 IBM cloudant 数据库以满足数据库需求。在我将 liberty 服务器切换到 https 之前一切正常。我收到以下异常
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
我按照此处 https://www.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/t_install_datastore_config_certificates.html 的文档将 openssl s_client -connect cloudant.com:443 -showcerts > cloudant.cert 生成的 cloudant 证书导入 liberty truststore,但这并没有解决问题。
感谢您的帮助。
尝试使用:openssl s_client -connect xxxxx-bluemix.cloudant.com:443 其中 xxxxx-bluemix.cloudant.com 指的是您的 Bluemix Cloudant 服务实例。
您可以通过从 Cloudant 服务实例启动 Bluemix 中的 Cloudant 仪表板来获取服务实例域。单击右上角的 API 选项卡。