那些遇到过的问题

SoapUI无法连接HTTPS(SSLPeerUnverifiedException)

Leo*_*rak 7 java ssl soapui

我需要测试部署到HTTPS端点上部署的预发布环境的Web服务.不幸的是,SoapUI失败了SSLPeerUnverifiedException: peer not authenticated.我使用了4.6.4和非常新的5.0版本.

ENV:

端点是https,startcom证书,网络使用代理(但相同的问题,没有代理与不同的网络)

我花了很多时间,也许每天谷歌搜索一个解决方案.特别是这个链接看起来很有希望:https://forum.soapui.org/viewtopic.php?f = 13&t = 20866

我通过firefox提取了端点证书并让它信任.所以我cacerts从soapui JVM安装修改:

..\SoapUI-4.6.4\jre\lib\security>keytool -import -alias HOSTNAME 
-file endpoint.crt -keystore cacerts -storepass changeit
Run Code Online (Sandbox Code Playgroud)

重新启动然后重新测试 - 失败.

然后我采取了不同的方法,让SoapUI JVM信任所有StartCom证书.

keytool -import -trustcacerts -alias startcom.ca -file ca.crt -keystore cacerts
keytool -import -alias startcom.ca.sub -file sub.class1.server.ca.crt -keystore cacerts
Run Code Online (Sandbox Code Playgroud)

重新启动并再次失败.我现在还能做什么?

编辑

2014-05-30 08:39:53,782 ERROR [errorlog] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:446)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:499)
at com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory.createLayeredSocket(SoapUISSLSocketFactory.java:268)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:200)
at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:277)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:142)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:758)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:565)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:238)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:348)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:318)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:232)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
Run Code Online (Sandbox Code Playgroud)

SSL调试:

adding as trusted cert:
Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Issuer:  CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Algorithm: RSA; Serial number: 0x1
Valid from Sun Sep 17 21:46:36 CEST 2006 until Wed Sep 17 21:46:36 CEST 2036

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Thread-20, WRITE: TLSv1 Handshake, length = 186
Thread-20, READ: TLSv1 Alert, length = 2
Thread-20, RECV TLSv1 ALERT:  warning, unrecognized_name
SSL - handshake alert: unrecognized_name
Thread-20, handling exception: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
Thread-20, SEND TLSv1 ALERT:  fatal, description = unexpected_message
Thread-20, WRITE: TLSv1 Alert, length = 2
Thread-20, called closeSocket()
Thread-20, IOException in getSession():  javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
09:16:12,482 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Run Code Online (Sandbox Code Playgroud)

Leo*_*rak 15

好的,这个问题的解决方法是设置

-Djsse.enableSNIExtension=false
Run Code Online (Sandbox Code Playgroud)

$SOAPUI_HOME/bin/soapui.bat

原因在这个答案中描述:https://stackoverflow.com/a/14884941/1639556

消化:

Java 7引入了默认启用的SNI支持.我发现某些配置错误的服务器在SSL握手中发出"无法识别的名称"警告,大多数客户端都会忽略该警告......除了Java.

更新:对于SoapUI 5.2.1我不得不更改文件,SoapUI-5.2.1.vmoptions因为修改bat文件没有帮助.

alb*_*iff 5

我认为你做得很好。如果您在信任库上加载服务器证书,则连接必须有效,可能正在发生某些事情,例如重定向。如果需要,您可以尝试禁用 SSL 服务器证书验证。如果您使用 SOAPUI 独立版本,请编辑$SOAPUI_HOME/bin/soapui.bator$SOAPUI_HOME/bin/soapui.sh并将此参数添加-Dcom.sun.net.ssl.checkRevocation=false为 java 选项:

肥皂泡

set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.net.ssl.checkRevocation=false

肥皂剧

JAVA_OPTS="$JAVA_OPTS -Dcom.sun.net.ssl.checkRevocation=false"

希望这可以帮助,

小智 5

对于任何使用Mac寻找相同答案的人(抱歉,它不会让我对所选答案发表评论,因为我还没有足够的声望点评论!!!).如果通过单击"应用程序"文件夹中的图标或使用Spotlight启动应用程序,则编辑soapui.sh不会产生任何影响.

/Applications/SoapUI-5.0.0.app/Contents

编辑vmoptions.txt并将-Dcom.sun.net.ssl.checkRevocation = false添加到文件的底部..保存并重新启动.

归档时间:

查看次数:

79110 次

最近记录:

9 年 前
SSL握手警报:自升级到Java 1.7.0以来unrecognized_name错误 222
SoapUI不与fiddler一起进行REST服务测试 6
更多相关链接
相关归档
我应该如何在Java中复制字符串? 180
如何获取字符串的最后一个字符? 167
intelliJ IDEA 13错误:请选择Android SDK 70
无法为类example.Simple创建调用适配器 67
无法启动组件[StandardEngine [Catalina] .StandardHost [localhost] .StandardContext [/ JDBC_DBO]] 53
为什么将JNDI用于数据源 46
从 Jenkins 插件调用 API 时获取“java.net.SocketException: Connection reset with (SSL-Self Signed Certificate)” 11
Python/Twisted程序在Windows下验证SSL证书的正确方法是什么? 7
如何在 Linux 中的 .NET Core 中将客户端证书附加到 HttpClient? 5
如何为 Elastic Beanstalk url 启用 HTTPS 2
难疑归档
'git pull'和'git fetch'有什么区别? 11447
如何将空目录添加到Git存储库? 4039
如何使用Curl从终端/命令行发布JSON数据到测试Spring REST? 2606
什么是NullReferenceException,我该如何解决? 1876
如何在HTTP POST请求中发送参数? 1396
静态只读与const 1349
你怎么能加速Eclipse? 1258
如何在Vim中移动到行尾? 1140
如何在滚动后检查元素是否可见? 1115
为什么有两种方法可以在Git中取消暂存文件? 1109