Java/SSL server socket
2011-09-30

I'm writing an application that will accept LDAP queries over port 636, do some non-LDAP stuff, and then hand back an LDAP search response.

I'm a bit new to Java but have managed quite a bit - I created a self-signed certificate and imported it into a keystore.

When trying to make the connection I get the following error - main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Argh... I've included the debug info at the bottom.. my app does find the certificate in the keystore - thanks for any help.

import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocketFactory;

public class LdapsServer {
    public static void main(String[] args) throws Exception {
        System.setProperty("javax.net.debug", "ssl");
        // Server identity: keystore holding the self-signed key pair (alias mylaptop in the log below)
        System.setProperty("javax.net.ssl.keyStore", "C:\\openssl\\certs\\laptop.ks");
        System.setProperty("javax.net.ssl.keyStorePassword", "somepassword");
        // Re-enables pre-RFC 5746 (insecure) renegotiation; shows up as "Allow unsafe renegotiation: true" below
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        // Only consulted if this server asks clients for certificates; it has no effect on
        // whether the *client* trusts this server's certificate
        System.setProperty("javax.net.ssl.trustStore", "C:\\openssl\\certs\\laptop.ks");
        int port = 636;

        ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
        ServerSocket ssocket = ssocketFactory.createServerSocket(port);

        // Listen for connections
        while (true) {
            Socket socket = ssocket.accept();
            InputStream in = socket.getInputStream();

            // do stuff
            socket.close();
        }
    }
}

///// DEBUG OUT when the program runs

keyStore is : C:\openssl\certs\laptop.ks 
keyStore type is : jks 
keyStore provider is : 
init keystore 
init keymanager of type SunX509 
*** 
found key for : mylaptop 
chain [0] = [ 
[ 
    Version: V1 
    Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 1024 bits 
    modulus: <SNIP> 
    public exponent: 65537 
    Validity: [From: Fri Sep 30 09:55:27 EDT 2011, 
      To: Sat Sep 29 09:55:27 EDT 2012] 
    Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
    SerialNumber: [ 03] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: <snip> 

] 
*** 
trustStore is: C:\openssl\certs\laptop.ks 
trustStore type is : jks 
trustStore provider is : 
init truststore 
adding as trusted cert: 
    Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
     Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 

    Algorithm: RSA; Serial number: 0x3 
    Valid from Fri Sep 30 09:55:27 EDT 2011 until Sat Sep 29 09:55:27 EDT 2012 

adding as trusted cert: 
    Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
    Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
    Algorithm: RSA; Serial number: 0xb85a831528797e79 
    Valid from Fri Sep 30 09:53:23 EDT 2011 until Sat Sep 29 09:53:23 EDT 2012 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Allow unsafe renegotiation: true 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
matching alias: mylaptop 
main, called closeSocket() 
Allow unsafe renegotiation: true 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
main, READ: SSL v2, contentType = Handshake, translated length = 65 
    *** ClientHello, TLSv1 
Cipher Suites: <snip> 

*** 
Cipher suite: SSL_RSA_WITH_RC4_128_MD5 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V1 
    Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 1024 bits 
    modulus: <snip> 
    public exponent: 65537 
    Validity: [From: Fri Sep 30 09:55:27 EDT 2011, 
       To: Sat Sep 29 09:55:27 EDT 2012] 
    Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US 
    SerialNumber: [ 03] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 
] 
*** 
*** ServerHelloDone 
main, WRITE: TLSv1 Handshake, length = 662 
main, READ: TLSv1 Alert, length = 2 
main, RECV TLSv1 ALERT: fatal, unknown_ca 
main, called closeSocket() 

1) I didn't know LDAP also goes over SSL. Is that true? 2) Where is the client code? The exception means the server is not trusted – Cratylus


@user384706: yes, LDAP over SSL (LDAPS) is very common. – Mac

Answer


I wish I had a definitive answer, but the questions here and here seem to suggest there is a problem with the way the certificate was generated or imported. The first suggests regenerating it without any extensions enabled; the second suggests making sure the certificate you import carries the whole chain (probably not applicable to your self-signed cert).
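Added example, not code from the question or the answer above. The debug log shows the server sending its certificate and ServerHelloDone, then reading the fatal unknown_ca alert: that alert is generated by the client when it cannot build a trusted path to the server's certificate, so the fix is on the client side, and the server's own trustStore setting plays no part unless the server requests client certificates. The client below first connects with the JDK default trust store (expected to fail exactly as in the question) and then with a truststore that contains the server's exported self-signed certificate. Assumptions: the server runs on port 636 with the keystore from the question; the server certificate was exported and imported into a hypothetical client truststore with

    keytool -exportcert -alias mylaptop -keystore laptop.ks -file laptop.crt
    keytool -importcert -alias ldaps-server -file laptop.crt -keystore client-truststore.jks -storepass changeit -noprompt

Hostname verification is turned off for the demonstration because the certificate in the log has no subject alternative name and its CN is a person's name, not a host name; a certificate intended for a real LDAPS endpoint should carry the host name as a SAN so that `verifyHostname` can be set to true. The log also shows a 1024-bit RSA key, a SHA1 signature, an SSLv2-format ClientHello and the SSL_RSA_WITH_RC4_128_MD5 suite, all of which a modern deployment should replace.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustCheck {

    /** Build an SSLContext whose only trust anchors come from the given JKS truststore. */
    static SSLContext contextTrusting(String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material: server auth only
        return ctx;
    }

    /** Connect, force the handshake, and return the server's leaf certificate (or throw). */
    static X509Certificate handshake(SSLContext ctx, String host, int port, boolean verifyHostname) throws Exception {
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            if (verifyHostname) {
                // Java 7+: check the certificate's SAN/CN against the host we dialled
                p.setEndpointIdentificationAlgorithm("HTTPS");
            }
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException when the chain is not trusted
            return (X509Certificate) s.getSession().getPeerCertificates()[0];
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost"; // assumption: server on localhost
        int port = 636;

        // 1. JDK default trust store: a self-signed server certificate is not trusted, the
        //    client sends the unknown_ca alert, and this is the failure seen in the question.
        try {
            handshake(SSLContext.getDefault(), host, port, false);
            System.out.println("unexpected: default trust store accepted the server certificate");
        } catch (SSLHandshakeException e) {
            System.out.println("default trust store rejected the server certificate: " + e.getMessage());
        }

        // 2. Truststore holding the exported self-signed certificate (hypothetical file): handshake completes.
        SSLContext trusting = contextTrusting("client-truststore.jks", "changeit".toCharArray());
        X509Certificate leaf = handshake(trusting, host, port, false);
        System.out.println("handshake OK, server cert subject: " + leaf.getSubjectX500Principal());
        if (leaf.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) leaf.getPublicKey()).getModulus().bitLength();
            System.out.println("RSA key size: " + bits + " bits" + (bits < 2048 ? " (too small for current practice)" : ""));
        }
    }
}
```

Run it against the server from the question with `java LdapsTrustCheck localhost`: the first attempt should fail with the same unknown_ca alert appearing in the server's debug output, the second should print the subject from the log (CN=Donny Shrum, OU=HPC, O=FSU, ...) and flag the 1024-bit key.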