Java/SSL server socket

I am writing an application that will accept LDAP queries over port 636, do some non-LDAP stuff, and then hand back an LDAP search response.
I'm a bit new to Java but have managed a lot so far - I created a self-signed certificate and imported it into a keystore.
When trying to make a connection I get the following error - main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
Ahh... I have included the debug info at the bottom.. my application does find the certificate in the keystore - thanks for any help.
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocketFactory;

public class LdapsServer {
    public static void main(String[] args) throws Exception {
        System.setProperty("javax.net.debug", "ssl");
        // Key store holding the server's private key and its self-signed certificate
        System.setProperty("javax.net.ssl.keyStore", "C:\\openssl\\certs\\laptop.ks");
        System.setProperty("javax.net.ssl.keyStorePassword", "somepassword");
        // Re-enables insecure TLS renegotiation; not needed for the initial handshake
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        // Trust store; on the server side this only matters if client certificates are requested
        System.setProperty("javax.net.ssl.trustStore", "C:\\openssl\\certs\\laptop.ks");
        int port = 636;
        ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
        ServerSocket ssocket = ssocketFactory.createServerSocket(port);
        // Listen for connections
        while (true) {
            Socket socket = ssocket.accept();
            InputStream in = socket.getInputStream();
            // do stuff
            socket.close();
        }
    }
}
///// DEBUG OUT when the program runs
keyStore is : C:\openssl\certs\laptop.ks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : mylaptop
chain [0] = [
[
Version: V1
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <SNIP>
public exponent: 65537
Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
To: Sat Sep 29 09:55:27 EDT 2012]
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
SerialNumber: [ 03]
]
Algorithm: [SHA1withRSA]
Signature: <snip>
]
***
trustStore is: C:\openssl\certs\laptop.ks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x3
Valid from Fri Sep 30 09:55:27 EDT 2011 until Sat Sep 29 09:55:27 EDT 2012
adding as trusted cert:
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0xb85a831528797e79
Valid from Fri Sep 30 09:53:23 EDT 2011 until Sat Sep 29 09:53:23 EDT 2012
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: mylaptop
main, called closeSocket()
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, READ: SSL v2, contentType = Handshake, translated length = 65
*** ClientHello, TLSv1
Cipher Suites: <snip>
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <snip>
public exponent: 65537
Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
To: Sat Sep 29 09:55:27 EDT 2012]
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
SerialNumber: [ 03]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
*** ServerHelloDone
main, WRITE: TLSv1 Handshake, length = 662
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, unknown_ca
main, called closeSocket()
1) I didn't know LDAP also goes over SSL. Is that true? 2) Where is the client's code? The exception means the server is not trusted – Cratylus
@user384706: Yes, LDAP over SSL (LDAPS) is very common. – Mac
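Reading the debug output: the server finds the key for alias mylaptop, sends its self-signed certificate as chain [0] followed by ServerHelloDone, and the very next record it READs is the fatal unknown_ca alert. That alert is sent by the client, so the missing trust is on the client side, as the comment above says; the server's javax.net.ssl.trustStore setting only matters when the server requests client certificates. The following is an added example, not the poster's code, that rebuilds the server on an explicit SSLContext and adds a client whose trust store contains the self-signed certificate so the handshake completes. The paths, password and port are the ones from the question; reusing the same JKS file as the client trust store is an assumption made for a single-machine test (it works because the certificate is also stored as a trusted entry), and a real client should get a store holding only the certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (not the poster's code): server with an explicit key manager, and a
// client that trusts the server's self-signed certificate instead of the JDK cacerts.
public class LdapsTrustExample {
    // Assumptions: values taken from the question; the client trust store is the same
    // file only for this local test.
    static final String SERVER_KEYSTORE = "C:\\openssl\\certs\\laptop.ks";   // private key + self-signed cert
    static final String CLIENT_TRUSTSTORE = "C:\\openssl\\certs\\laptop.ks"; // holds the cert as a trusted entry
    static final char[] PASSWORD = "somepassword".toCharArray();
    static final int PORT = 636;

    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Server side: a KeyManager that presents the server certificate. No TrustManager is
    // needed unless the server asks for client certificates.
    static SSLContext serverContext() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(SERVER_KEYSTORE, PASSWORD), PASSWORD);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: a TrustManager that accepts exactly the certificates in the trust store.
    // Using SSLContext.getDefault() here instead reproduces the fatal unknown_ca alert,
    // because the JDK's cacerts file does not contain the self-signed certificate.
    static SSLContext clientContext() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(CLIENT_TRUSTSTORE, PASSWORD));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocket server =
                (SSLServerSocket) serverContext().getServerSocketFactory().createServerSocket(PORT);
        Thread acceptor = new Thread(() -> {
            try (Socket s = server.accept()) {
                // Placeholder for the LDAP handling; just answer one line.
                s.getOutputStream().write("server ok\n".getBytes(StandardCharsets.US_ASCII));
            } catch (Exception e) {
                e.printStackTrace();
            }
        });
        acceptor.start();

        try (SSLSocket client =
                     (SSLSocket) clientContext().getSocketFactory().createSocket("localhost", PORT)) {
            client.startHandshake(); // throws SSLHandshakeException if the chain is untrusted
            System.out.println("negotiated " + client.getSession().getProtocol()
                    + ", peer = " + client.getSession().getPeerPrincipal());
            byte[] buf = new byte[64];
            int n = client.getInputStream().read(buf);
            System.out.println("received: " + new String(buf, 0, n, StandardCharsets.US_ASCII));
        } finally {
            acceptor.join();
            server.close();
        }
    }
}
```

Before running, confirm the alias really is a key entry with `keytool -list -v -keystore laptop.ks`: it must show a PrivateKeyEntry for mylaptop, not only a trustedCertEntry. On Unix-like systems binding port 636 needs root or a capability; on Windows it does not. Two caveats on the certificate in the log: a plain SSLSocket does not check the hostname, so CN=Donny Shrum passes here, but LDAP client libraries that verify the endpoint will reject a certificate whose name is not the server's hostname, so a certificate for a real LDAPS server needs the DNS name in it; and the 1024-bit RSA key, SHA1withRSA signature and SSL_RSA_WITH_RC4_128_MD5 suite visible in the output are all weak by current standards and disabled or deprecated in current JDK defaults, so regenerate with a 2048-bit key and a SHA-256 signature rather than re-enabling them.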