1. 首页
  2. 问答
  3. WSO2 API管理器无效。无法找到要求的目标的有效认证路径

WSO2 API管理器无效。无法找到要求的目标的有效认证路径

2017-06-12 114 views
1

我已经在本地启动了WSO2 API管理器。WSO2 API管理器无效。无法找到要求的目标的有效认证路径

我正在尝试添加API端点https connecttion。它显示了我那种错误。

Pic1

这表明我Invalid. unable to find valid certification path to requested target错误消息。

然后,我已经下载证书,这是从网站cer文件,并在carbon页我已导入证书wso2carbon密钥库:

pic 2

后,我重新启动我的WSO2 API Manager和尝试测试此端点,它仍然会抛出我的错误。

我错过了什么?

控制台显示错误的类型:

[2017-06-12 21:12:18,362] ERROR - APIProviderHostObject Error occurred while connecting to backend : https://example.com, reason : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401) 
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178) 
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) 
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) 
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) 
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) 
    at org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject.sendHttpHEADRequest(APIProviderHostObject.java:4781) 
    at org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject.jsFunction_isURLValid(APIProviderHostObject.java:4173) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:498) 
    at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126) 
    at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386) 
    at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) 
    at org.jaggeryjs.rhino.publisher.modules.api.c3._c_anonymous_10(/publisher/modules/api/add.jag:225) 
    at org.jaggeryjs.rhino.publisher.modules.api.c3.call(/publisher/modules/api/add.jag) 
    at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430) 
    at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269) 
    at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97) 
    at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) 
    at org.jaggeryjs.rhino.publisher.modules.api.c0._c_anonymous_5(/publisher/modules/api/module.jag:18) 
    at org.jaggeryjs.rhino.publisher.modules.api.c0.call(/publisher/modules/api/module.jag) 
    at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) 
    at org.jaggeryjs.rhino.publisher.site.blocks.item_add.ajax.c0._c_anonymous_2(/publisher/site/blocks/item-add/ajax/add.jag:233) 
    at org.jaggeryjs.rhino.publisher.site.blocks.item_add.ajax.c0.call(/publisher/site/blocks/item-add/ajax/add.jag) 
    at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23) 
    at org.jaggeryjs.rhino.publisher.site.blocks.item_add.ajax.c0._c_script_0(/publisher/site/blocks/item-add/ajax/add.jag:9) 
    at org.jaggeryjs.rhino.publisher.site.blocks.item_add.ajax.c0.call(/publisher/site/blocks/item-add/ajax/add.jag) 
    at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) 
    at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) 
    at org.jaggeryjs.rhino.publisher.site.blocks.item_add.ajax.c0.call(/publisher/site/blocks/item-add/ajax/add.jag) 
    at org.jaggeryjs.rhino.publisher.site.blocks.item_add.ajax.c0.exec(/publisher/site/blocks/item-add/ajax/add.jag) 
    at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567) 
    at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273) 
    at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588) 
    at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508) 
    at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747) 
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485) 
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377) 
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337) 
    at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) 
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) 
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) 
    at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48) 
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) 
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) 
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) 
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958) 
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Thread.java:745) 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
    at sun.security.validator.Validator.validate(Validator.java:260) 
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) 
    ... 90 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

来源

2017-06-12 Mr.D

+0

只是想法 - 也许你可以尝试将整个证书链添加到信任库(链中的所有证书)。后端证书应该位于client-truststore.jks中,并且您可以检查这没有SNI问题 – gusto2

+0

@ gusto2我添加了由两个证书组成的整个链,但仍然出现此错误。 –

+0

堆栈跟踪有什么合理的吗? (wso2carbon.log)如果没有,你可以开启握手调试(-Djavax.net。调试= SSL:握手),但你必须深挖 – gusto2

回答

2

我要回答我自己的问题。这是我如何解决这个问题。

这里是我用来解决这个问题的步骤:在使用HostnameVerifier参数

  1. <APIM_HOME>/repository/conf/axis2/axis2.xml我写了这个:

    AllowAll

  2. 然后在<APIM_HOME>\repository\resources\security有是两个密钥库,位于wso2carbon.jksclient-truststore.jks。我们可以通过碳网页导入wso2carbon.jks的证书,如我在问题中所示。然而,对于client-truststore.jks我应该手动添加此证书通过keytool

    keytool -importcert -file my_domain_sert.ser -keystore client-truststore.jks -alias "example.com"

==========================重要警告!!! ===========================

当您要下载终端的证书时,请使用您的浏览器,你应该检查你的防病毒防火墙是否覆盖你的证书。如果它覆盖,你会发生错误。

ESET!!

这里我的ESET NOD32防病毒软件正在改变原始凭证。

来源

2017-07-29 11:54:45

+1

其担任你解释。非常感谢! – tinocoam

相关问题

 相关问题