
Java / SSL Server Socket

I am writing an application that will accept LDAP queries via port 636, do some non ldap stuff, and then hand back an ldap looking response.

I'm a bit new to Java but have managed this much - I created a self signed cert, imported it into the keystore.

When attempting to make a connection I get the following error - main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Argh... I've included the debug information at the bottom. My application does find the cert in the keystore - Thanks for any help.

import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocketFactory;

public class LdapSslServer {
    public static void main(String[] args) throws IOException {
        System.setProperty("javax.net.debug", "ssl");
        System.setProperty("javax.net.ssl.keyStore", "C:\\openssl\\certs\\laptop.ks");
        System.setProperty("javax.net.ssl.keyStorePassword", "somepassword");
        // Re-enables pre-RFC 5746 renegotiation; it plays no part in the initial handshake.
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        // The server only consults its trust store when validating a client certificate.
        System.setProperty("javax.net.ssl.trustStore", "C:\\openssl\\certs\\laptop.ks");
        int port = 636;

        // getDefault() builds its SSLContext from the javax.net.ssl.* properties set above
        ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
        ServerSocket ssocket = ssocketFactory.createServerSocket(port);

        // Listen for connections
        while (true) {
            Socket socket = ssocket.accept();
            InputStream in = socket.getInputStream();

            // do stuff
            socket.close();
        }
    }
}

///// DEBUG OUT when program is run

keyStore is : C:\openssl\certs\laptop.ks
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
***
found key for : mylaptop
chain [0] = [
[
  Version: V1
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: <SNIP> 
  public exponent: 65537
  Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
           To: Sat Sep 29 09:55:27 EDT 2012]
  Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  SerialNumber: [    03]

]
  Algorithm: [SHA1withRSA]
  Signature: <snip>

]
***
trustStore is: C:\openssl\certs\laptop.ks
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Issuer:  CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0x3
  Valid from Fri Sep 30 09:55:27 EDT 2011 until Sat Sep 29 09:55:27 EDT 2012

adding as trusted cert:
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Issuer:  CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Algorithm: RSA; Serial number: 0xb85a831528797e79
  Valid from Fri Sep 30 09:53:23 EDT 2011 until Sat Sep 29 09:53:23 EDT 2012

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: mylaptop
main, called closeSocket()
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, READ:  SSL v2, contentType = Handshake, translated length = 65
    *** ClientHello, TLSv1
Cipher Suites: <snip>

***
Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: <snip>
  public exponent: 65537
  Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
               To: Sat Sep 29 09:55:27 EDT 2012]
  Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
  SerialNumber: [    03]

]
  Algorithm: [SHA1withRSA]
   Signature:
]
***
*** ServerHelloDone
main, WRITE: TLSv1 Handshake, length = 662
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, unknown_ca
main, called closeSocket()


I wish I had a definitive answer, but the SO questions here and here seem to indicate a problem with the way the certificate was generated or imported. The first suggests regenerating without any extensions enabled. The second suggests ensuring the cert you import has the entire chain (which may not be applicable for your self-signed cert).
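The alert in the debug output is read by the server (`main, READ: TLSv1 Alert` followed by `RECV TLSv1 ALERT: fatal, unknown_ca`), so it is the client that aborts the handshake: unknown_ca means the party that received a certificate chain could not link it to a CA it trusts. The server-side `javax.net.ssl.trustStore` property cannot change that, because a server only consults its trust store when it validates a client certificate. What has to change is the trust store of the LDAP client, which must contain the self-signed certificate itself (or a CA that issued it). The program below is an added example, not code from the question or the answer above. It builds the server from the question's keystore (path `C:\openssl\certs\laptop.ks`, password `somepassword` and alias `mylaptop`, all taken from the question and assumed to still be valid) and runs two in-process clients against it: one that trusts only the JDK's default CA set and one that trusts the server's own certificate. Only the second handshake succeeds; the JSSE client reports the first failure as a `PKIX path building failed` exception and the server sees it as a fatal certificate alert (the exact alert name depends on the client library; an untrusted self-signed certificate is what OpenSSL-based clients report as unknown_ca).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class UnknownCaDemo {
    // Assumed values, taken from the question: keystore path, password and key alias.
    static final String KS_PATH = "C:\\openssl\\certs\\laptop.ks";
    static final char[] KS_PASS = "somepassword".toCharArray();
    static final String ALIAS = "mylaptop";

    static KeyStore loadKeyStore(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Server side: only the key store matters (its own private key and certificate chain).
    static SSLContext serverContext(KeyStore ks, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trusts exactly the certificates in the given store;
    // a null store means the JDK default trust store (cacerts), which has no self-signed certs.
    static SSLContext clientContext(KeyStore trustOrNull) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustOrNull);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // An in-memory trust store holding only the server's self-signed certificate.
    static KeyStore trustStoreWith(Certificate serverCert) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        trust.load(null, null);                       // start empty
        trust.setCertificateEntry("ldap-server", serverCert);
        return trust;
    }

    static String tryHandshake(SSLContext client, int port) {
        try (SSLSocket s = (SSLSocket) client.getSocketFactory()
                .createSocket(InetAddress.getLoopbackAddress(), port)) {
            s.startHandshake();                       // runs certificate validation on the client
            return "ok, " + s.getSession().getProtocol() + " " + s.getSession().getCipherSuite();
        } catch (SSLHandshakeException e) {
            return "handshake failed: " + e.getMessage();
        } catch (IOException e) {
            return "io error: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadKeyStore(KS_PATH, KS_PASS);
        Certificate serverCert = ks.getCertificate(ALIAS);

        // Ephemeral loopback port instead of 636, so no privileges or free port are needed.
        SSLServerSocket server = (SSLServerSocket) serverContext(ks, KS_PASS)
                .getServerSocketFactory().createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        int port = server.getLocalPort();

        // Accept loop: when the client rejects the chain, this side sees "Received fatal alert: ...",
        // the same shape of error as in the question's debug output.
        Thread acceptor = new Thread(() -> {
            for (int i = 0; i < 2; i++) {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    System.out.println("server: handshake ok with " + s.getRemoteSocketAddress());
                } catch (IOException e) {
                    System.out.println("server: " + e.getMessage());
                }
            }
        });
        acceptor.start();

        // 1) Client with the JDK default trust store: no path to the self-signed cert, so it aborts.
        System.out.println("client (default trust store): " + tryHandshake(clientContext(null), port));

        // 2) Client that explicitly trusts the server's self-signed cert: handshake succeeds.
        System.out.println("client (trusts server cert):  "
                + tryHandshake(clientContext(trustStoreWith(serverCert)), port));

        acceptor.join();
        server.close();
    }
}
```

Run it with the keystore from the question in place; nothing else is needed, since the server binds an ephemeral loopback port. The trust store built in `trustStoreWith` is what the real LDAP client needs, whatever language it is written in: the self-signed certificate exported from the server's keystore, imported as a trusted certificate entry on the client. Two further points from the debug output are worth noting even though they are unrelated to this failure: RC4 suites such as the negotiated SSL_RSA_WITH_RC4_128_MD5 are disabled in current JDKs, and `sun.security.ssl.allowUnsafeRenegotiation=true` reopens the renegotiation weakness that RFC 5746 fixed, so it should not be left in.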

