WSO2-IS 5.11.0 - 客户端 SCIM - 收到致命警报:certificate_unknown
WSO2-IS 5.11.0 - Client SCIM - Received fatal alert: certificate_unknown
我正在尝试请求在 WSO2 Identity Server 中创建一个新用户,但我无法连接到 api:
javax.net.ssl|ALL|A9|https-jsse-nio-9443-exec-5|2021-06-02 11:37:20.318 GMT|X509Authentication.java:264|No X.509 cert selected for EC
javax.net.ssl|ALL|A9|https-jsse-nio-9443-exec-5|2021-06-02 11:37:20.318 GMT|X509Authentication.java:264|No X.509 cert selected for EC
javax.net.ssl|DEBUG|AB|https-jsse-nio-9443-exec-7|2021-06-02 11:37:20.408 GMT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|ERROR|AB|https-jsse-nio-9443-exec-7|2021-06-02 11:37:20.410 GMT|TransportContext.java:342|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:499)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
我已经在客户端导入了我的证书-truststore.jks。
步骤:
1-) keytool -genkey -alias custom -keyalg RSA -keysize 2048 -keystore custom.jks -dname "CN=<"wso2-is-ip">, OU=Home,O=Home, L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
2-) keytool -export -alias custom -keystore custom.jks -file custom.pem
3-) 在 /wso2is-5.11.0/repository/resources/security/
中导入证书
keytool -import -alias custom -file custom.pem -keystore client-truststore.jks -storepass wso2carbon
4-) 检查是否导入:
keytool -list -v -keystore client-truststore.jks -alias custom -storepass wso2carbon -keypass wso2carbon
Java申请:
protected void setKeyStore() {
System.setProperty("javax.net.ssl.trustStore", "custom.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
}
protected void submit(HttpMethodBase method) throws IOException {
HttpClient httpUpdateClient = new HttpClient();
// **************************Erro SSL*******************************
int responseStatus = httpUpdateClient.executeMethod(method);
// **************************Erro SSL*******************************
String response = method.getResponseBodyAsString();
System.out.println("/******SCIM response status: " + responseStatus);
System.out.println("SCIM response data: " + response + "******/");
}
我错过了什么吗?
PS:WSO2-IS 在开发环境的 docker 环境中 运行,我正在尝试从本地计算机连接。
我在我的应用程序中使用了 WSO2 IS 附带的证书并且它有效。
wso2is-5.11.0/repository/resources/security/wso2carbon.jks
protected void setKeyStore() {
System.setProperty("javax.net.ssl.trustStore", "wso2carbon.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
}
我正在尝试请求在 WSO2 Identity Server 中创建一个新用户,但我无法连接到 api:
javax.net.ssl|ALL|A9|https-jsse-nio-9443-exec-5|2021-06-02 11:37:20.318 GMT|X509Authentication.java:264|No X.509 cert selected for EC
javax.net.ssl|ALL|A9|https-jsse-nio-9443-exec-5|2021-06-02 11:37:20.318 GMT|X509Authentication.java:264|No X.509 cert selected for EC
javax.net.ssl|DEBUG|AB|https-jsse-nio-9443-exec-7|2021-06-02 11:37:20.408 GMT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|ERROR|AB|https-jsse-nio-9443-exec-7|2021-06-02 11:37:20.410 GMT|TransportContext.java:342|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:499)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
我已经在客户端导入了我的证书-truststore.jks。
步骤:
1-) keytool -genkey -alias custom -keyalg RSA -keysize 2048 -keystore custom.jks -dname "CN=<"wso2-is-ip">, OU=Home,O=Home, L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
2-) keytool -export -alias custom -keystore custom.jks -file custom.pem
3-) 在 /wso2is-5.11.0/repository/resources/security/
中导入证书
keytool -import -alias custom -file custom.pem -keystore client-truststore.jks -storepass wso2carbon
4-) 检查是否导入:
keytool -list -v -keystore client-truststore.jks -alias custom -storepass wso2carbon -keypass wso2carbon
Java申请:
protected void setKeyStore() {
System.setProperty("javax.net.ssl.trustStore", "custom.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
}
protected void submit(HttpMethodBase method) throws IOException {
HttpClient httpUpdateClient = new HttpClient();
// **************************Erro SSL*******************************
int responseStatus = httpUpdateClient.executeMethod(method);
// **************************Erro SSL*******************************
String response = method.getResponseBodyAsString();
System.out.println("/******SCIM response status: " + responseStatus);
System.out.println("SCIM response data: " + response + "******/");
}
我错过了什么吗?
PS:WSO2-IS 在开发环境的 docker 环境中 运行,我正在尝试从本地计算机连接。
我在我的应用程序中使用了 WSO2 IS 附带的证书并且它有效。
wso2is-5.11.0/repository/resources/security/wso2carbon.jks
protected void setKeyStore() {
System.setProperty("javax.net.ssl.trustStore", "wso2carbon.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
}