1. Zuhause
  2. Frage und Antwort
  3. SSL-Handshake fehlgeschlagen für Eureka Discovery Client

SSL-Handshake fehlgeschlagen für Eureka Discovery Client

2016-10-04 2 views
0

Ich konnte das Setup der Spring-Cloud mit Eureka + ZUUL + Ribbon + Config Server über HTTP einrichten und erfolgreich validieren.SSL-Handshake fehlgeschlagen für Eureka Discovery Client

Wenn ich jedoch versuchte, zu den HTTPS zu wechseln, laufen einzelne Dienste gut über HTTPS, aber die Eureka Client Discovery schlägt fehl.

Unten ist mein application.yml für Eureka Server und Client (in diesem Fall ZUUL) -

Eureka:

server: 
    port: 8761 
    ssl: 
    key-store: 
     ${PATH}certFile.ini 
    key-store-password: 
     ~Sample7~ 
    trust-store: 
     ${PATH}certFile.ini 
    trust-store-password: 
     ~Sample7~ 
    keyStoreType: 
     XXXXXX 
    keyAlias: 
     signingKey 
    ciphers: 
     TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    protocol: 
     TLS 

eureka: 
    instance: 
    hostname: 
     localhost 
    securePort: 
     8761 
    securePortEnabled: 
     true 
    nonSecurePortEnabled: 
     false 
    secureVirtualHostName: Discovery Server 
    homePageUrl: 
     https://127.0.0.1:8761/eureka/ 
    statusPageUrl: https://127.0.0.1:8761/eureka/admin/info 
    client: 
    registerWithEureka: false 
    fetchRegistry: false 
    server: 
    waitTimeInMsWhenSyncEmpty: 0

Eureka Auftraggeber:

server: 
    port: 8010 
    ssl: 
     enabled: 
     true 
     key-store: 
      ${PATH}certFile.ini 
     key-store-password: 
      ~Sample7~ 
     trust-store: 
      ${PATH}certFile.ini 
     trust-store-password: 
      ~Sample7~ 
     keyStoreType: 
      XXXXXX 
     keyAlias: 
      signingKey 
     ciphers: 
      TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
     protocol: 
      TLS 

eureka: 
    client: 
     serviceUrl: 
      defaultZone: https://127.0.0.1:8761/eureka/ 
     healthcheck: 
      enabled: true 
     lease: 
      duration: 5 
spring: 
    application: 
     name: apigateway 
ribbon: 
    ConnectTimeout: 60000 
    ReadTimeout: 600000 

hystrix: 
    command: 
     default: 
      execution: 
       timeout: 
        enabled: false 
       isolation: 
        strategy: THREAD 
        thread: 
         timeoutInMilliseconds: 60000

Jetzt, als ich Anfang Eureka Server, es steht auf https, aber beim Versuch, die Client-Anwendung auszuführen, bekomme ich unter Fehler-

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187) ~[jersey-apache-client4-1.19.1.jar:1.19.1] 
    at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123) ~[jersey-client-1.19.1.jar:1.19.1] 
    at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27) ~[eureka-client-1.4.11.jar:1.4.11] 
    at com.sun.jersey.api.client.Client.handle(Client.java:652) ~[jersey-client-1.19.1.jar:1.19.1] 
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) ~[jersey-client-1.19.1.jar:1.19.1] 
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) ~[jersey-client-1.19.1.jar:1.19.1] 
    at com.sun.jersey.api.client.WebResource$Builder.delete(WebResource.java:591) ~[jersey-client-1.19.1.jar:1.19.1] 
    at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.cancel(AbstractJerseyEurekaHttpClient.java:76) ~[eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$2.execute(EurekaHttpClientDecorator.java:74) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73) ~[eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.cancel(EurekaHttpClientDecorator.java:71) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$2.execute(EurekaHttpClientDecorator.java:74) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:118) ~[eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:79) ~[eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.cancel(EurekaHttpClientDecorator.java:71) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$2.execute(EurekaHttpClientDecorator.java:74) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:119) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.cancel(EurekaHttpClientDecorator.java:71) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$2.execute(EurekaHttpClientDecorator.java:74) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.cancel(EurekaHttpClientDecorator.java:71) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.DiscoveryClient.unregister(DiscoveryClient.java:902) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.DiscoveryClient.shutdown(DiscoveryClient.java:880) [eureka-client-1.4.11.jar:1.4.11] 
    at com.netflix.discovery.DiscoveryClient$$FastClassBySpringCGLIB$$a84c8cb4.invoke(<generated>) [eureka-client-1.4.11.jar:1.4.11] 
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) [spring-core-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.cloud.context.config.StandardBeanLifecycleDecorator$2.invoke(StandardBeanLifecycleDecorator.java:85) [spring-cloud-context-1.1.3.RELEASE.jar:1.1.3.RELEASE] 
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.cloud.netflix.eureka.CloudEurekaClient$$EnhancerBySpringCGLIB$$92dcbb78.shutdown(<generated>) [spring-cloud-netflix-eureka-client-1.2.0.RELEASE.jar:1.2.0.RELEASE] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91] 
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91] 
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at com.sun.proxy.$Proxy88.shutdown(Unknown Source) [na:na] 
    at org.springframework.cloud.netflix.eureka.EurekaDiscoveryClientConfiguration.onApplicationEvent(EurekaDiscoveryClientConfiguration.java:192) [spring-cloud-netflix-eureka-client-1.2.0.RELEASE.jar:1.2.0.RELEASE] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91] 
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91] 
    at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:253) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:174) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:137) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:166) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:138) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:382) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:336) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:989) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:956) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE] 
    at org.springframework.boot.admin.SpringApplicationAdminMXBeanRegistrar$SpringApplicationAdmin.shutdown(SpringApplicationAdminMXBeanRegistrar.java:126) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91] 
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91] 
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71) [na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91] 
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91] 
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.ConvertingMethod.invokeWithOpenReturn(ConvertingMethod.java:193) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.ConvertingMethod.invokeWithOpenReturn(ConvertingMethod.java:175) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.MXBeanIntrospector.invokeM2(MXBeanIntrospector.java:117) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.MXBeanIntrospector.invokeM2(MXBeanIntrospector.java:54) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252) [na:1.8.0_91] 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) [na:1.8.0_91] 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) [na:1.8.0_91] 
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468) [na:1.8.0_91] 
    at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76) [na:1.8.0_91] 
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309) [na:1.8.0_91] 
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1401) [na:1.8.0_91] 
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:829) [na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91] 
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91] 
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:324) [na:1.8.0_91] 
    at sun.rmi.transport.Transport$1.run(Transport.java:200) [na:1.8.0_91] 
    at sun.rmi.transport.Transport$1.run(Transport.java:197) [na:1.8.0_91] 
    at java.security.AccessController.doPrivileged(Native Method) [na:1.8.0_91] 
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196) [na:1.8.0_91] 
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) [na:1.8.0_91] 
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) [na:1.8.0_91] 
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683) [na:1.8.0_91] 
    at java.security.AccessController.doPrivileged(Native Method) [na:1.8.0_91] 
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) [na:1.8.0_91] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[na:1.8.0_91] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[na:1.8.0_91] 
    at java.lang.Thread.run(Thread.java:745) ~[na:1.8.0_91] 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_91] 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_91] 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_91] 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_91] 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[na:1.8.0_91] 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_91] 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_91] 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_91] 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_91] 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_91] 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_91] 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_91] 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:117) ~[httpclient-4.5.2.jar:4.5.2] 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[httpclient-4.5.2.jar:4.5.2] 
    at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:173) ~[jersey-apache-client4-1.19.1.jar:1.19.1] 
    ... 98 common frames omitted 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_91] 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_91] 
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_91] 
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_91] 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_91] 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_91] 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_91] 
    ... 116 common frames omitted 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_91] 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_91] 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_91] 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[na:1.8.0_91] 
    ... 122 common frames omitted

Irgendwelche Vorschläge mit, was ich in diesem möglicherweise fehlen würde?

Br

Quelle

2016-10-04 aj1984

+0

'server.ssl' für die Embedded-Container (tomcat, Anlegestelle etc ..) nicht für die Kunden zu Heureka verbinden. – spencergibb

Antwort

0

Dies ist, weil Sie das Zertifikat in Ihre JVM nicht importieren. Es stört mich auch, weil ich in unseren Produktions-JVMs einfach keinen Import machen kann. Meine Lösung ist eine benutzerdefinierte EurekaJerseyClient, um den Standard in DiscoveryClient zu ersetzen.

Dies muss getan werden, weil der Standard EurekaJerseyClient wird den Standard-ssl Kontext in Apache HTTP-Client verwenden, aber nicht die, setzen Sie SSLContext.setDefault (SSL-Kontext) oder HttpsURLConnection.setDefaultSSLSocketFactory (sslContext.getSocketFactory mit()). So funktioniert das HostnameVerifier.

Ich stellte die gleiche Frage und posten die Antwort selbst. Sie können es überprüfen here.

Quelle

2017-02-17 10:48:59

0

Sie shoud ssl für Band config:

ribbon.TrustStore= etc/keystore.jks 
ribbon.TrustStorePassword= [email protected] 
ribbon.ReadTimeout= 60000 
ribbon.IsSecure= true 
ribbon.MaxAutoRetries= 2

Quelle

2017-11-10 08:38:05

Verwandte Themen

 Verwandte Themen