背景
我的应用程序部署在jboss 5中,与需要MASSL的Web服务服务器进行通信。 (2路SSL)为什么在SSL连接期间不发送客户端证书? CXF 2.7.9
问题
通过查看日志SSL连接,客户端证书不发送,即使它在一开始被加载。
日志详细信息如下,客户端证书应该在服务器问候完成后发送。
[编辑]添加更多细节基于应答
在日志添加CertificateRequest
Cient证书实际上上述请求匹配 - (a)中的算法是RSA,(b)中由一个在请求中指定的CA签名
l OGS:
2016-11-25 09:32:38,434 INFO [STDOUT] (http-0.0.0.0-8080-4) keyStore is : /XX/XX/my.jks
2016-11-25 09:32:38,434 INFO [STDOUT] (http-0.0.0.0-8080-4) keyStore type is : jks
2016-11-25 09:32:38,434 INFO [STDOUT] (http-0.0.0.0-8080-4) keyStore provider is :
2016-11-25 09:32:38,434 INFO [STDOUT] (http-0.0.0.0-8080-4) init keystore
2016-11-25 09:32:38,440 INFO [STDOUT] (http-0.0.0.0-8080-4) init keymanager of type SunX509
2016-11-25 12:00:04,420 INFO [STDOUT] (http-0.0.0.0-8080-4) ***
2016-11-25 12:00:04,421 INFO [STDOUT] (http-0.0.0.0-8080-4) found key for : mykey
2016-11-25 12:00:04,432 INFO [STDOUT] (http-0.0.0.0-8080-4) chain [0] = [
[
Version: V3
Subject: CN=xx.xxx.xxx.com, OU=xxxxxxxx, O=xxxx, L=xxxx, ST=xxx, C=xx
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Issuer: CN=abc AD Object CA1, DC=core, DC=dir, DC=def, DC=com
...
2016-11-25 12:00:05,520 INFO [STDOUT] (http-0.0.0.0-8080-4) *** CertificateRequest
2016-11-25 12:00:05,521 INFO [STDOUT] (http-0.0.0.0-8080-4) Cert Types:
2016-11-25 12:00:05,521 INFO [STDOUT] (http-0.0.0.0-8080-4) RSA
2016-11-25 12:00:05,521 INFO [STDOUT] (http-0.0.0.0-8080-4) Cert Authorities:
2016-11-25 12:00:05,521 INFO [STDOUT] (http-0.0.0.0-8080-4) <CN=abc AD Object CA1, DC=core, DC=dir, DC=def, DC=com>
2016-11-25 12:00:05,521 INFO [STDOUT] (http-0.0.0.0-8080-4) <CN=abc Policy CA1, O=gh Corporation Limited>
2016-11-25 12:00:05,522 INFO [STDOUT] (http-0.0.0.0-8080-4) <CN=abc Root CA>
2016-11-25 09:32:39,475 INFO [STDOUT] (http-0.0.0.0-8080-4) *** ServerHelloDone
2016-11-25 09:32:39,475 INFO [STDOUT] (http-0.0.0.0-8080-4) *** Certificate chain
2016-11-25 09:32:39,475 INFO [STDOUT] (http-0.0.0.0-8080-4) ***
2016-11-25 09:32:39,482 INFO [STDOUT] (http-0.0.0.0-8080-4) *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
2016-11-25 09:32:39,482 INFO [STDOUT] (http-0.0.0.0-8080-4) http-0.0.0.0-8080-4, WRITE: TLSv1 Handshake, length = 269
2016-11-25 09:32:39,482 INFO [STDOUT] (http-0.0.0.0-8080-4) SESSION KEYGEN:
2016-11-25 09:32:39,483 INFO [STDOUT] (http-0.0.0.0-8080-4) PreMaster Secret:
问题
难道我失去了一些东西?
我想这一个匹配的CertificateRequest表示的约束证书无法被发现。请注意,客户端正在发送一个空的'CertificateChain'。 – slawekpl
是的,我注意到了。这是客户端发送证书的地方,现在它是空的。 – David