2017-10-19 1 views
1

RESTful web service over HTTPS

I installed the SSL certificate for my domain in Plesk using the Let's Encrypt extension. The default port for HTTPS is . It works fine.

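Now I have installed the certificate on Tomcat 7, following this answer, https://community.letsencrypt.org/t/how-to-use-the-certificate-for-tomcat/3677/2, to generate a JKS keystore (from the same Let's Encrypt certificate that is used for Plesk) and to configure Tomcat's connector on a different port, 445. When I open the Tomcat page (https://mywebsite.com:445) in the browser, the page is secure. But when I try it, the result is an exception (whereas https://mywebsite.com:443 works).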

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class NetClient {

    public static void main(String[] args) {
        try {
            // Tomcat connector configured on port 445
            URL url = new URL("https://mywebsite.com:445");
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            conn.setRequestMethod("GET");
            conn.setRequestProperty("Accept", "text/plain");

            // The TLS handshake happens here; certificate validation failures surface as IOException
            if (conn.getResponseCode() != 200) {
                throw new RuntimeException("Failed : HTTP error code : "
                        + conn.getResponseCode());
            }

            BufferedReader br = new BufferedReader(new InputStreamReader(
                    (conn.getInputStream())));

            String output;
            System.out.println("Output from Server .... \n");
            while ((output = br.readLine()) != null) {
                System.out.println(output);
            }

            conn.disconnect();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

With a Java client like the one above, I get the following:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) 
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) 
    at sun.security.ssl.Handshaker.process_record(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at java.net.HttpURLConnection.getResponseCode(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source) 
    at main.NetClient.print_https_cert(NetClient.java:98) 
    at main.NetClient.testIt(NetClient.java:79) 
    at main.NetClient.main(NetClient.java:66) 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
    at sun.security.validator.Validator.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    ... 17 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
    at java.security.cert.CertPathBuilder.build(Unknown Source) 
    ... 23 more 
****** Content of the URL ******** 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) 
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) 
    at java.lang.reflect.Constructor.newInstance(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) 
    at main.NetClient.print_content(NetClient.java:131) 
    at main.NetClient.testIt(NetClient.java:82) 
    at main.NetClient.main(NetClient.java:66) 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) 
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) 
    at sun.security.ssl.Handshaker.process_record(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at java.net.HttpURLConnection.getResponseCode(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source) 
    at main.NetClient.print_https_cert(NetClient.java:98) 
    at main.NetClient.testIt(NetClient.java:79) 
    ... 1 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
    at sun.security.validator.Validator.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    ... 17 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
    at java.security.cert.CertPathBuilder.build(Unknown Source) 
    ... 23 more 

That is what I get when I try to connect.

The problem is that I need to access the resources of my RESTful web service over HTTPS. Please help. Thanks in advance.

Answers

0

Back up cacerts from JAVA_HOME:

$ cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/jssecacerts

Then import the certificate from the service:

$ keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/jssecacerts \
    -storepass changeit -noprompt -alias {cert alias} -file {cert file}

And restart your app.

+0

Thank you... it works... One last question: if I want to use other kinds of clients (e.g. Android, iOS, smart devices), do I have to import the service certificate first? –

+0

Yes, I think your SSL certificate is self-signed. The PKIX error occurs when you have to import the certificate into Java as a trusted certificate. – AndresMontj

0

Java does not have the required certificate.

By default, Java ships with a list of trusted certificates. The file is JAVA_HOME/jre/lib/security/cacerts.

In this case, since it is a new, self-signed certificate, you need to tell Java that it can be trusted. You can do this by adding the certificate to the cacerts file:

keytool -import -trustcacerts -alias <unique alias name> -file <certificate file path> -keystore <cacerts file path>

+0

Thank you for your answer. –

+0

One last question: to use other types of clients (Android, iOS, smart devices, etc.), do I have to import the service certificate first? –
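
An added example, not part of the original answers: instead of editing the JVM-wide cacerts/jssecacerts file, the client can load a separate truststore for this one connection and print the chain the server sends. The class name ScopedTrustClient and the two command-line arguments (truststore path and password) are assumptions; the URL is the one from the question.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustClient {

    // Build an SSLContext whose trust anchors come only from the given keystore file.
    static SSLContext contextFor(String storePath, char[] storePass) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: args[0] = truststore made with "keytool -import", args[1] = its password.
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://mywebsite.com:445").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // hostname verification stays on
        conn.setRequestProperty("Accept", "text/plain");
        System.out.println("HTTP " + conn.getResponseCode());
        // Show the chain the server sent: a leaf without its intermediate is a common PKIX cause.
        for (Certificate c : conn.getServerCertificates()) {
            X509Certificate x = (X509Certificate) c;
            System.out.println(x.getSubjectX500Principal() + " <- " + x.getIssuerX500Principal());
        }
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
            for (String line; (line = br.readLine()) != null; ) {
                System.out.println(line);
            }
        }
        conn.disconnect();
    }
}
```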