配置 mobileFirst 密钥库后仍然遇到证书错误
Still hitting certificate error after configure mobileFirst keystore
美好的一天,
我有一个 MobileFirst 服务器,它将调用我的银行端应用程序(IP 地址:10.8.1.46)。
当我连接到 http 后端应用程序时它正在工作。
我想将其更改为连接到 https
。
以下是我完成的步骤:
登录bakend服务器,运行以下命令生成keystore:
keytool -genkey -alias backend -keyalg RSA -validity 365 -keystore backend.jks -storetype JKS
它提示输入密钥库密码、名字和姓氏以及其他信息。
对于名字和姓氏,我输入 10.8.1.46
我用运行下面的命令导出crt
文件
keytool -export -alias backend -keystore backend.keystore -rfc -file backend.crt
我将此 backend.crt
复制到我的 mfp
服务器。在我的 mfp 服务器中,我还通过以下命令创建了一个密钥库:
keytool -keystore mfp.jks -genkey -alias mfp -keyalg RSA
我运行以下命令将后端证书导入 mfp 密钥库。
keytool -import -alias backend -file backend.crt -storetype JKS -keystore mfp.jks
我 运行 用于验证证书是否在密钥库中的 keytool 命令,是的,它在里面。
keytool -list -keystore mfp.jks
接下来,我去编辑 mfp 服务器 server.xml
,我更新密钥库标签如下:
<keyStore id="defaultKeyStore" location="/opt/IBM/libertyCore/usr/servers/mfp1/resources/security/mfp.jks" password="pass123" type="jks" />
然后我在 adapter.xml 的 <connectivity>
标签中添加:
<displayName>MyAdapter</displayName>
<description>MyAdapter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>https</protocol>
<domain>10.8.1.46</domain>
<port>8443</port>
<sslCertificateAlias>mfp</sslCertificateAlias>
<sslCertificatePassword>pass123</sslCertificatePassword>
</connectionPolicy>
</connectivity>
<JAXRSApplicationClass>c.c.i.mobile.MyAdapterApplication</JAXRSApplicationClass>
<property name="rest.api.base.url" defaultValue="https://10.8.1.46:8443/api/v1" description="REST API Base URL" />
<property name="rest.api.connection.request.timeout" defaultValue="4000" description="REST API Connection Request Timeout (miliseconds)" />
<property name="rest.api.connect.timeout" defaultValue="10000" description="REST API Connect Timeout (miliseconds)" />
<property name="rest.api.socket.timeout" defaultValue="50000" description="REST API Socket Timeout (miliseconds)" />
<securityCheckDefinition name="UserAuthentication" class="c.c.i.mobile.authentication.UserAuthentication">
<property name="maxAttempts" defaultValue="3" description="How many attempts are allowed"/>
</securityCheckDefinition>
- 重新启动 mfp 服务器。
但是,当向 https 后端服务发出请求时,我仍然遇到证书错误。
[2/20/20 18:56:37:900 MYT] 0000008c c.c.i.mobile.resources.GeneralResource I >>> initialize
[2/20/20 18:56:37:906 MYT] 0000008c c.c.i.mobile.client.RestClient E client fail to execute REST
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at com.cv.ibs.mobile.client.RestClient.execute(RestClient.java:55)
at com.cv.ibs.mobile.resources.BaseResource.requestForPost(BaseResource.java:47)
at com.cv.ibs.mobile.resources.GeneralResource.initialize(GeneralResource.java:39)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:200)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at com.ibm.mfp.server.java.adapter.shared.JAXRSSandbox.doFilter(JAXRSSandbox.java:579)
at com.ibm.mfp.server.java.adapter.shared.FilterChainImpl.doFilter(FilterChainImpl.java:86)
at com.ibm.mfp.server.java.adapter.shared.JAXRSSandbox.handleRequest(JAXRSSandbox.java:584)
at com.ibm.mfp.server.java.adapter.internal.rest.AdaptersEndpoint.adapterServing(AdaptersEndpoint.java:123)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:868)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1285)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:776)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:473)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:135)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:74)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:978)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1100)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:81)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:912)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.run(DynamicVirtualHost.java:262)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 77 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 83 more
但是如果转到 MFP 控制台将 url 改回 http,它仍然有效。
有没有遗漏的步骤?
不知道为什么 mfp.jks 没有被 server.xml 加载甚至重新启动 mfp 服务器。
我找到了另一种替代方法,方法是将以下值添加到 mfp 服务器的 jvm.options 中:
-Djavax.net.ssl.trustStore=/opt/IBM/libertyCore/usr/servers/mfp1/resources/security/mfp.jks
-Djavax.net.ssl.trustStorePassword=cyber123
重新启动 mfp 服务器,它就会工作。
美好的一天,
我有一个 MobileFirst 服务器,它将调用我的银行端应用程序(IP 地址:10.8.1.46)。
当我连接到 http 后端应用程序时它正在工作。
我想将其更改为连接到 https
。
以下是我完成的步骤:
登录bakend服务器,运行以下命令生成keystore:
keytool -genkey -alias backend -keyalg RSA -validity 365 -keystore backend.jks -storetype JKS
它提示输入密钥库密码、名字和姓氏以及其他信息。
对于名字和姓氏,我输入 10.8.1.46
我用运行下面的命令导出
crt
文件keytool -export -alias backend -keystore backend.keystore -rfc -file backend.crt
我将此
backend.crt
复制到我的mfp
服务器。在我的 mfp 服务器中,我还通过以下命令创建了一个密钥库:keytool -keystore mfp.jks -genkey -alias mfp -keyalg RSA
我运行以下命令将后端证书导入 mfp 密钥库。
keytool -import -alias backend -file backend.crt -storetype JKS -keystore mfp.jks
我 运行 用于验证证书是否在密钥库中的 keytool 命令,是的,它在里面。
keytool -list -keystore mfp.jks
接下来,我去编辑 mfp 服务器
server.xml
,我更新密钥库标签如下:<keyStore id="defaultKeyStore" location="/opt/IBM/libertyCore/usr/servers/mfp1/resources/security/mfp.jks" password="pass123" type="jks" />
然后我在 adapter.xml 的
<connectivity>
标签中添加:
<displayName>MyAdapter</displayName>
<description>MyAdapter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>https</protocol>
<domain>10.8.1.46</domain>
<port>8443</port>
<sslCertificateAlias>mfp</sslCertificateAlias>
<sslCertificatePassword>pass123</sslCertificatePassword>
</connectionPolicy>
</connectivity>
<JAXRSApplicationClass>c.c.i.mobile.MyAdapterApplication</JAXRSApplicationClass>
<property name="rest.api.base.url" defaultValue="https://10.8.1.46:8443/api/v1" description="REST API Base URL" />
<property name="rest.api.connection.request.timeout" defaultValue="4000" description="REST API Connection Request Timeout (miliseconds)" />
<property name="rest.api.connect.timeout" defaultValue="10000" description="REST API Connect Timeout (miliseconds)" />
<property name="rest.api.socket.timeout" defaultValue="50000" description="REST API Socket Timeout (miliseconds)" />
<securityCheckDefinition name="UserAuthentication" class="c.c.i.mobile.authentication.UserAuthentication">
<property name="maxAttempts" defaultValue="3" description="How many attempts are allowed"/>
</securityCheckDefinition>
- 重新启动 mfp 服务器。
但是,当向 https 后端服务发出请求时,我仍然遇到证书错误。
[2/20/20 18:56:37:900 MYT] 0000008c c.c.i.mobile.resources.GeneralResource I >>> initialize
[2/20/20 18:56:37:906 MYT] 0000008c c.c.i.mobile.client.RestClient E client fail to execute REST
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at com.cv.ibs.mobile.client.RestClient.execute(RestClient.java:55)
at com.cv.ibs.mobile.resources.BaseResource.requestForPost(BaseResource.java:47)
at com.cv.ibs.mobile.resources.GeneralResource.initialize(GeneralResource.java:39)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:200)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at com.ibm.mfp.server.java.adapter.shared.JAXRSSandbox.doFilter(JAXRSSandbox.java:579)
at com.ibm.mfp.server.java.adapter.shared.FilterChainImpl.doFilter(FilterChainImpl.java:86)
at com.ibm.mfp.server.java.adapter.shared.JAXRSSandbox.handleRequest(JAXRSSandbox.java:584)
at com.ibm.mfp.server.java.adapter.internal.rest.AdaptersEndpoint.adapterServing(AdaptersEndpoint.java:123)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:868)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1285)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:776)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:473)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:135)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:74)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:978)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1100)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:81)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:912)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.run(DynamicVirtualHost.java:262)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 77 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 83 more
但是如果转到 MFP 控制台将 url 改回 http,它仍然有效。
有没有遗漏的步骤?
不知道为什么 mfp.jks 没有被 server.xml 加载甚至重新启动 mfp 服务器。
我找到了另一种替代方法,方法是将以下值添加到 mfp 服务器的 jvm.options 中:
-Djavax.net.ssl.trustStore=/opt/IBM/libertyCore/usr/servers/mfp1/resources/security/mfp.jks
-Djavax.net.ssl.trustStorePassword=cyber123
重新启动 mfp 服务器,它就会工作。