0

访问外部 SOAP Web 服务时抛出异常:

javax.xml.ws.WebServiceException:

 Failed to access the WSDL at:
  https://<IP>/ws/services/Webservice?wsdl.

It failed with:

 java.security.cert.CertificateException:
  PKIX path building failed:

   sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target.

我无法访问此 URL,我需要为我的客户发送 WAR 文件,他需要部署在另一个环境中,即 IBM Liberty 应用服务器,他说已经配置了三个证书:根证书、中间证书和真正的证书本身。

坚持必须在代码中重构某些东西,我在调用外部端点之前这样做了,将证书作为certificateFile参数传递(它们都在 src/main/resources 中):

Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(certificateFile));

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("server", certificate);

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

if (url.contains("https")) {
    HttpsURLConnection connection = (HttpsURLConnection) new URL(url).openConnection();
    connection.setSSLSocketFactory(sslContext.getSocketFactory());
} else if (url.contains("http")) {
    new URL(url).openConnection();
}

信任这些证书的真正步骤是什么以及必须在哪里完成这些步骤(应用程序、服务器、机器 JVM 等等)?

4

1 回答 1

0

如果它在 Liberty 中运行,则不需要任何特殊代码。他们可能需要将远程 Web 服务中的证书添加到 Liberty 的信任库,如此处所述:https ://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_add_trust_cert.html

于 2020-03-18T13:37:42.260 回答