1
我有一个简单的客户端应用程序,通过HttpUrlConnection从站点下载数据。服务器使用cert auth。该应用程序(Weblogic之外)正常工作。在独立模式下,我通过SSLSocketFactory设置证书。从WebLogic客户端应用程序通过HttpUrlConnection进行Http证书认证
但该应用程序必须在WebLogic应用程序服务器内工作。
我已经将证书添加到cacerts(甚至到WebLogic的身份存储区)。在日志中我看到WL发现它。但是我有一个RECV TLSv1 ALERT: fatal, handshake_failure错误。
我以不同的方式做了什么?感谢名单!
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnabledCipherSuites(String[]): value=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnabledProtocols(String[]): value=SSLv2Hello,SSLv3,TLSv1.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnableSessionCreation(boolean):value=true.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientMode(boolean): value=true.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setWantClientAuth(boolean): value=false.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setNeedClientAuth(boolean): value=false.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setNeedClientAuth(boolean): value=false.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientMode(boolean): value=true.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientMode(boolean): value=true.>
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1377072614 bytes = { 22, 18, 8, 150, 85, 185, 67, 160, 51, 252, 172, 191, 141, 100, 201, 254, 187, 63, 235, 175, 246, 17, 165, 128, 216, 209, 228, 102 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 75
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 101
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 103.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 74
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK bytesConsumed = 79 bytesProduced = 0.>
*** ServerHello, TLSv1
RandomCookie: GMT: 1377072630 bytes = { 90, 186, 22, 195, 56, 131, 89, 24, 40, 175, 153, 6, 104, 172, 220, 160, 93, 105, 251, 97, 118, 101, 103, 72, 243, 179, 201, 87 }
Session ID: {146, 153, 76, 87, 103, 112, 44, 239, 163, 85, 147, 205, 99, 91, 81, 62, 74, 79, 82, 96, 106, 103, 78, 165, 35, 242, 44, 71, 227, 192, 111, 253}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-3, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 0.>
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 1667
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK
bytesConsumed = 1672 bytesProduced = 0.>
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: [email protected], CN=*.takarnet.hu, O=Foldhivatal, L=Budapest, ST=Hungary, C=HU
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: ************
public exponent: 65537
Validity: [From: Tue Sep 14 15:01:48 CEST 2010,
To: Fri Dec 11 14:01:48 CET 2037]
Issuer: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
SerialNumber: [ 341c]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
S/MIME
Object Signing
]
[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
chain [1] = [
[
Version: V3
Subject: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: ************
public exponent: 65537
Validity: [From: Tue Feb 12 11:25:51 CET 2002,
To: Sat Jun 30 12:25:51 CEST 2029]
Issuer: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
SerialNumber: [ 00]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
SSL CA
S/MIME CA
]
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
[[email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU]
SerialNumber: [ 00]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
***
Found trusted certificate:
[
[
Version: V3
Subject: [email protected], CN=*.takarnet.hu, O=Foldhivatal, L=Budapest, ST=Hungary, C=HU
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: **************
public exponent: 65537
Validity: [From: Tue Sep 14 15:01:48 CEST 2010,
To: Fri Dec 11 14:01:48 CET 2037]
Issuer: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
SerialNumber: [ 341c]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 32 16 30 54 68 69 73 20 43 65 72 74 69 66 69 .2.0This Certifi
0010: 63 61 74 65 20 77 61 73 20 47 65 6E 65 72 61 74 cate was Generat
0020: 65 64 20 62 79 20 46 6F 6C 64 68 69 76 61 74 61 ed by Foldhivata
0030: 6C 20 43 41 l CA
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
S/MIME
Object Signing
]
[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 152
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK bytesConsumed = 157 bytesProduced = 0.>
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig)
Cert Authorities:
<EMAILADDRESS=***, CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
CONNECTION KEYGEN:
Client Nonce:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server Nonce:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Master Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Client MAC write Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server MAC write Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Client write key:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server write key:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Client write IV:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server write IV:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 60, 110, 8, 97, 250, 71, 53, 6, 54, 184, 165, 165 }
***
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 48
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_WRAP bytesConsumed = 0 bytesProduced = 146.>
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_WRAP bytesConsumed = 0 bytesProduced = 6.>
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 53.>
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Alert, length = 2
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT: fatal, handshake_failure
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1467)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1435)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1601)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1031)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:647)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:585)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:490)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:93)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:71)
at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:434)
at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:78)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:400)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
我发现我的答案在另一个问题:http://stackoverflow.com/questions/14875094/ssl-server-socket-want-auth-option也许它也会帮助你。 –