Replacing a certificate causes bad_certificate

程序员文章站 2022-06-22 12:29:37
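Our system calls an external web service over HTTPS. Today a tester replaced the HTTPS certificate on their own and then reported that the calls no longer went through. I helped track the problem down and am recording the process here.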

Looking at the CXF log, I found the following error:

javax.xml.ws.soap.SOAPFaultException: Received fatal alert: bad_certificate

Caused by: org.apache.cxf.interceptor.Fault: Received fatal alert: bad_certificate

Caused by: com.ctc.wstx.exc.WstxIOException: Received fatal alert: bad_certificate

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1555) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:689) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:985) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:904) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) ~[na:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) ~[na:1.6]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) ~[na:1.6]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) ~[na:1.6]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) ~[na:1.6.0_29]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) ~[na:1.6]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1840) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1798) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42) ~[cxf-2.0.13.jar:2.0.13]
at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:68) ~[cxf-2.0.13.jar:2.0.13]
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96) ~[wstx-asl-3.2.4.jar:3.2.4]
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214) ~[wstx-asl-3.2.4.jar:3.2.4]
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311) ~[wstx-asl-3.2.4.jar:3.2.4]
... 62 common frames omitted

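It felt like a certificate problem, so I took the certificate from the server and looked at it with the keytool -list -v command; the configured CN was correct.

However, when I compared the size of this certificate with the original certificate, they did not match; clearly they were not the same certificate.

Because the other party's web service uses mutual (two-way) authentication over HTTPS, the original certificate had already been imported into the other party's truststore. Now a certificate had been swapped in temporarily without being re-imported into the other party's truststore, so the other party did not accept the new certificate and the call could not succeed.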
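
The comparison the post makes by file size can be made exact by comparing fingerprints. The following is an added example, not part of the original post: it uses openssl instead of keytool, builds two constructed self-signed certificates with the same CN (client.example.test), and treats a directory of PEM files as a stand-in for the peer's truststore. It covers only the case described here, where the peer trusts the exact certificate rather than its issuing CA.

```shell
#!/usr/bin/env bash

# SHA-256 fingerprint of a PEM certificate (the text after "Fingerprint=").
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Subject CN of a PEM certificate whose subject contains only a CN.
cert_cn() {
  openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# Exit 0 only if this exact certificate is present in the trust directory.
# Assumption: a directory of *.pem files stands in for the peer's truststore.
is_pinned_in() {
  local want f
  want=$(cert_fp "$1")
  for f in "$2"/*.pem; do
    [ -e "$f" ] || continue
    if [ "$(cert_fp "$f")" = "$want" ]; then return 0; fi
  done
  return 1
}

# Constructed sample input: a throwaway self-signed certificate for a fixed CN.
make_cert() {  # usage: make_cert <path-without-extension>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=client.example.test" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# The situation in the post: peer trusts "original", client now presents "replacement".
demo() {
  local d c verdict
  d=$(mktemp -d)
  mkdir "$d/peer-trust"
  make_cert "$d/original"
  make_cert "$d/replacement"
  cp "$d/original.pem" "$d/peer-trust/"
  for c in original replacement; do
    if is_pinned_in "$d/$c.pem" "$d/peer-trust"; then verdict="trusted by peer"
    else verdict="NOT in peer truststore"; fi
    echo "$c: CN=$(cert_cn "$d/$c.pem") sha256=$(cert_fp "$d/$c.pem") -> $verdict"
  done
  rm -rf "$d"
}

demo
```

For a JKS truststore, keytool -exportcert -rfc (with -alias and -keystore) writes an entry out as PEM so it can be compared the same way.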