Subject: ssl connection error
Author: roy_nixping
Posts: 36
Points: 0
Posted: 2003-10-31 14:37
I get this error when I connect to a URL:
conncetion to URL https://161.88.246.152/RosettaNet failed with following error:
peer sent alert :Alart falter :bad certificate
java.io.IOException:java.net.SocketException:Connection reset by peer:socket close.

How should I solve this?



Subject: Re:ssl connection error [Re:roy_nixping]
Author: floater (Java Jedi, chief moderator)
Posts: 3233
Points: 421
Posted: 2003-10-31 23:18
Please provide your info, otherwise people can't help you.

Are you using a browser, or using Java? Don't assume everyone knows anything you do.



"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
Subject: Re:ssl connection error [Re:roy_nixping]
Author: roy_nixping
Posts: 36
Points: 0
Posted: 2003-11-03 09:36
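I ran into the problem above while debugging a connection between two web servers. (Neither side knows what type of web server the other is running.)

The two servers connect over https. Each of us has the other's client certificate and root certificate.

The error occurs when the local server executes send data to https://161.88.xx.xx:8443/RosettaNet; send data is a service provided by the local server.

Could it be that the connection cannot be established because the client certificate sent by the local server during the SSL handshake is wrong, or because the other side has not put my client certificate in its list of trusted clients (my guess)?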



Subject: Re:ssl connection error [Re:roy_nixping]
Author: floater (Java Jedi, chief moderator)
Posts: 3233
Points: 421
Posted: 2003-11-03 23:56
That's what I suspect; however, here is some info:
1. When the client cert is not right, you should get this:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2. When the server's cert is not trusted by the client, you should get this:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate

In your case, if we read the error literally, the cert is bad! But we don't know which cert, the server side or the client side. You need to check both.
Maybe the format is not right, see below.

Some info for your reference:
When URLConnection is used for an HTTP(S) connection:
1. We can specify the truststore and keystore like this:

System.setProperty("javax.net.ssl.trustStore", "<name here>");
System.setProperty("javax.net.ssl.keyStore", "<name here>");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

The truststore is used by the client to trust the server's cert, so put the server's cert or its CA cert in there. Use keytool to create this store and import the cert.
The keystore is used to store the client's cert. KEEP IN MIND, in the keystore, the store's password has to be the same as the private key's password, otherwise you will get weird errors (not clear enough). The password can NOT be null or empty. Furthermore, the keystore has to be in JKS format. So if you have p12 or pfx, write a simple class to convert it.
2. Here is the way to set up a proxy/firewall, if you have to go through firewalls.
For https:

System.setProperty("https.proxySet", "true");
System.setProperty("https.proxyHost", "<proxy server here>");
System.setProperty("https.proxyPort", "80");

// Build the Basic credential for the proxy; conn is the URLConnection opened earlier.
String tmp = "name" + ":" + "password";
String encodedpswd = "Basic " + java.util.Base64.getEncoder().encodeToString(tmp.getBytes());
if (conn != null)
{
    conn.setRequestProperty("Proxy-Authorization", encodedpswd);
}

For http, just replace https with http in the above.


floater edited on 2003-11-03 23:59

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
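
Added example, not part of floater's post: a small checker for the two things the reply says to verify on both sides, namely whether each certificate in a keystore or truststore is inside its validity period and whether the private key opens with the store password. The class name StoreCheck and the command-line arguments are assumptions; the store file is one you already have or a test store created with keytool.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.*;
import java.util.Collections;

// Added example (hypothetical name). Usage: java StoreCheck <store file> <JKS|PKCS12> <store password>
public class StoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("usage: StoreCheck <file> <JKS|PKCS12> <password>");
        char[] pw = args[2].toCharArray();
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw); // IOException here: wrong password or wrong store format
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // Client identity: javax.net.ssl.keyStorePassword must also open the key.
                try {
                    ks.getKey(alias, pw);
                    System.out.println(alias + ": key entry, key opens with store password");
                } catch (UnrecoverableKeyException e) {
                    System.out.println(alias + ": key entry, KEY PASSWORD DIFFERS from store password");
                }
                Certificate[] chain = ks.getCertificateChain(alias);
                if (chain != null) for (Certificate c : chain) report(c);
            } else {
                System.out.println(alias + ": trusted certificate entry");
                report(ks.getCertificate(alias));
            }
        }
    }

    // Prints subject, issuer and whether the current time is inside the validity period.
    static void report(Certificate c) {
        if (!(c instanceof X509Certificate)) return;
        X509Certificate x = (X509Certificate) c;
        String state = "valid now";
        try {
            x.checkValidity();
        } catch (CertificateExpiredException e) {
            state = "EXPIRED on " + x.getNotAfter();
        } catch (CertificateNotYetValidException e) {
            state = "NOT VALID before " + x.getNotBefore();
        }
        System.out.println("  subject=" + x.getSubjectX500Principal().getName() + " | issuer=" + x.getIssuerX500Principal().getName() + " | " + state);
    }
}
```

Run it once against the keystore and once against the truststore on each side and compare the issuer of the client certificate with the subjects the peer trusts. The password is taken from the command line for brevity, so it is visible in the process list while the program runs.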
