2017-12-14 3 views
0

SSLPeerUnverifiedException exception

I am trying to send an HTTP GET request using the following code:

httpBuilder = new HTTPBuilder(url) 
httpBuilder.setHeaders(['Authorization':'Basic MyKey']) 

httpBuilder.request(GET, JSON) { 
    response.success = { resp, reader -> 
    ....... 

I know the key is correct, but I always get "peer not authenticated" from Assembly Payments for the URL: https://test.api.promisepay.com/users

I checked the exception class and it is SSLPeerUnverifiedException. It seems to have something to do with the TLS protocol.

Update:

I ran the following two commands:

echo -n | openssl s_client -connect test.api.promisepay.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.api.promisepay.com.cert 

The certificate was downloaded and saved to /tmp/test.api.promisepay.com.cert

sudo keytool -importcert -alias "assembly" -file /tmp/test.api.promisepay.com.cert -keystore /opt/java/jre/lib/security/cacerts -storepass changeit 

The certificate was imported into the keystore successfully, but the error is still the SSLPeerUnverifiedException exception.

Update 2:

trustStore is: /opt/jdk1.7.0_80/jre/lib/security/cacerts 
trustStore type is : jks 
trustStore provider is : 
init truststore 
adding as trusted cert: 
    Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH 
    Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH 
    Algorithm: RSA; Serial number: 0x4eb200670c035d4f 
    Valid from Wed Oct 25 14:06:00 IST 2006 until Sat Oct 25 14:06:00 IST 2036 
adding as trusted cert: 
    Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network 
    Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network 
    Algorithm: RSA; Serial number: 0x1 
    Valid from Sat Jun 26 03:53:48 IST 1999 until Wed Jun 26 03:53:48 IST 2019 
adding as trusted cert: 
    Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US 
    Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US 
    Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d 
    Valid from Fri Nov 17 05:30:00 IST 2006 until Thu Jul 17 05:29:59 IST 2036 
adding as trusted cert: 
    Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US 
    Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US 
    Algorithm: RSA; Serial number: 0x456b5054 
    Valid from Tue Nov 28 01:53:42 IST 2006 until Sat Nov 28 02:23:42 IST 2026 
adding as trusted cert: 
    Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR 
    Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR 
    Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285 
    Valid from Tue May 26 05:30:00 IST 2009 until Tue May 26 05:30:00 IST 2020 
adding as trusted cert: 
    Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU 
    Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU 
    Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce 
    Valid from Fri Aug 01 18:01:40 IST 2008 until Sat Jul 31 18:01:40 IST 2038 

/// Lots of adding as trusted cert messages........... 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
http-bio-8080-exec-2, setSoTimeout(0) called 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
%% No cached client session 
*** ClientHello, TLSv1 
RandomCookie:  GMT: 1513260023 bytes = { 59, 22, 52, 225, 123, 49, 3, 40, 88, 64, 182, 97, 150, 68, 98, 52, 74, 82, 175, 184, 181, 239, 34, 60, 214, 113, 43, 80 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
*** 
[write] MD5 and SHA1 hashes: len = 149 
http-bio-8080-exec-2, WRITE: TLSv1 Handshake, length = 149 
[Raw write]: length = 154 
http-bio-8080-exec-2, received EOFException: error 
http-bio-8080-exec-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 
http-bio-8080-exec-2, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-bio-8080-exec-2, WRITE: TLSv1 Alert, length = 2 
[Raw write]: length = 7 
0000: 15 03 01 00 02 02 28        ......(
http-bio-8080-exec-2, called closeSocket() 
http-bio-8080-exec-2, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 
http-bio-8080-exec-2, called close() 
http-bio-8080-exec-2, called closeInternal(true) 
http-bio-8080-exec-2, called close() 
http-bio-8080-exec-2, called closeInternal(true) 
Exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
Finalizer, called close() 
Finalizer, called closeInternal(true) 
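
As an added example (not part of the original post), this shell function summarises a -Djavax.net.debug trace like the one in Update 2: which truststore the JVM loaded, whether that is the file that was passed to keytool, and how far the handshake got. The function name and output keys are assumptions of this example; the sample lines are abridged from the trace above.

```bash
#!/usr/bin/env bash
# Added example: summarise how far a JSSE handshake got in a
# -Djavax.net.debug trace, and whether the truststore the JVM loaded
# is the one a certificate was imported into with keytool.
# Usage: triage_jsse_debug <keystore-given-to-keytool> < trace.log
triage_jsse_debug() {
  awk -v imported="$1" '
    /^trustStore is:/               { store  = $3 }   # truststore actually loaded
    /^\*\*\* ClientHello,/          { client = $NF }  # protocol version offered
    /^\*\*\* ServerHello,/          { server = $NF }  # version the peer selected
    /^\*\*\* Certificate chain/     { chain  = 1 }    # peer sent its certificates
    /description = /                { alert  = $NF }  # TLS alert description
    /Remote host closed connection/ { closed = 1 }
    END {
      print "truststore_loaded=" store
      print "import_target_loaded=" (store == imported ? "yes" : "no")
      print "client_hello=" client
      print "server_hello=" (server == "" ? "none" : server)
      print "peer_chain_received=" (chain ? "yes" : "no")
      print "alert=" (alert == "" ? "none" : alert)
      if (server == "" && closed)
        print "stage=closed_before_server_hello"
      else if (chain)
        print "stage=certificate_received"
      else
        print "stage=unknown"
    }'
}

# Sample input: lines abridged from the trace in the question above.
sample_trace='trustStore is: /opt/jdk1.7.0_80/jre/lib/security/cacerts
*** ClientHello, TLSv1
http-bio-8080-exec-2, WRITE: TLSv1 Handshake, length = 149
http-bio-8080-exec-2, received EOFException: error
http-bio-8080-exec-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-bio-8080-exec-2, SEND TLSv1 ALERT:  fatal, description = handshake_failure
Exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'

# The argument is the keystore path used in the keytool command above.
printf '%s\n' "$sample_trace" | triage_jsse_debug /opt/java/jre/lib/security/cacerts
```

For the keystore path given to keytool above, it reports import_target_loaded=no and stage=closed_before_server_hello: the JVM loaded /opt/jdk1.7.0_80/jre/lib/security/cacerts, and no ServerHello or certificate chain appears in the trace before the connection is closed.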

Answer

1

The root certificate of your certificate chain was added to the default truststore with Java 8u51.

You have to do one of the following:

  • use a newer Java version, at least 8u51
  • allow untrusted certificates in your client
  • add that specific certificate as a trusted certificate
  • add that root certificate as a trusted root certificate
+0

Can I do the same with Java 1.7? I am using Grails 2.4.3 and I think Java 8 will cause problems –

+0

I told you 4 ways to solve your problem, only one of them was updating, so guess the answer. Yes, there are three ways to solve it. – Vampire

+0

Sorry, I misunderstood that. It is "one of the following". Thanks, I will try it and let you know. –
