收到致命警报：unknown_ca，同时进行相互身份validation

我正在开发一个Web服务客户端，它需要与启用了相互身份validation的服务器通信。

我已经完成了以下步骤。

1. 将服务器证书（自签名）添加到信任库，并使用SSLSocketFactory将其设置为HttpsURLConnection 。
2. 将客户端证书（CA签名）提供给服务器管理员以将其添加到其受信任的存储中。
3. 通过导入客户端证书创建了一个密钥库，并创建了一个密钥管理器来“HttpsURLConnection”。

当我尝试运行此示例时，我得到一个例外说法

 org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: java.net.SocketException: Software caused connection abort: recv failed; nested exception is javax.xml.stream.XMLStreamException: java.net.SocketException: Software caused connection abort: recv failed at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:261) at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:45) at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:586) at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:549) at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:502) at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:480) at test.SamlTest.request(SamlTest.java:29) at test.SamlTest.main(SamlTest.java:63) Caused by: javax.xml.stream.XMLStreamException: java.net.SocketException: Software caused connection abort: recv failed at com.sun.xml.internal.stream.writers.XMLStreamWriterImpl.writeStartDocument(Unknown Source) at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:193) at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:756) at org.apache.axiom.soap.impl.llom.SOAPMessageImpl.internalSerialize(SOAPMessageImpl.java:71) at org.apache.axiom.om.impl.llom.OMDocumentImpl.internalSerialize(OMDocumentImpl.java:324) at org.apache.axiom.om.impl.llom.OMDocumentImpl.serialize(OMDocumentImpl.java:375) at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:252) ... 7 more Caused by: java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(Unknown Source) at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source) at com.sun.net.ssl.internal.ssl.InputRecord.readV3Record(Unknown Source) at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:81) at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:101) at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41) at org.springframework.ws.transport.TransportOutputStream.write(TransportOutputStream.java:64) at com.sun.xml.internal.stream.writers.UTF8OutputStreamWriter.write(Unknown Source) at com.sun.xml.internal.stream.writers.UTF8OutputStreamWriter.write(Unknown Source) ... 14 more 

我错过了什么？

更新

启用jvm日志后，请查找日志

 trigger seeding of SecureRandom done seeding SecureRandom %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1274794757 bytes = { 250, 192, 120, 159, 84, 244, 96, 103, 128, 221, 36, 200, 229, 95, 84, 152, 179, 202, 161, 56, 95, 161, 234, 136, 128, 52, 45, 228 } Session ID: {} Compression Methods: { 0 } *** main, WRITE: TLSv1 Handshake, length = 73 main, WRITE: SSLv2 client hello message, length = 98 main, READ: TLSv1 Handshake, length = 74 *** ServerHello, TLSv1 Cipher Suite: SSL_RSA_WITH_RC4_128_MD5 Compression Method: 0 *** %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5] ** SSL_RSA_WITH_RC4_128_MD5 main, READ: TLSv1 Handshake, length = 976 *** Certificate chain chain [0] = [ [ Version: V3 Subject: EMAILADDRESS=email@email.com, CN=email@email.com, OU=MyOU, O=xyz Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 1024 bits public exponent: 65537 Validity: [From: Tue Jul 18 02:30:07 IST 2006, To: Mon Jul 13 02:30:07 IST 2026] Issuer: EMAILADDRESS=email@email.com, CN=email@email.com, OU=MyOU, O=xyz SerialNumber: [ ] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ ] ] [2]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ ] [EMAILADDRESS=email@email.com, CN=email@email.com, OU=MyOU, O=xyz] SerialNumber: [ ecbcae10 2ba4c279] ] [3]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] ] Algorithm: [MD5withRSA] Signature: ] *** main, SEND TLSv1 ALERT: fatal, description = certificate_unknown main, WRITE: TLSv1 Alert, length = 2 main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at com.arun.test.http.TiMutualAuthClient.main(TiMutualAuthClient.java:71) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 13 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 19 more 

谢谢

• AES加密Java到c＃
• 任何用于ppt到jpg转换的java库？

• 在我的`gradle build`上遇到`org.gradle.api.ProjectConfigurationException`错误
• 如何从close（）正确处理IOException
• 为什么autoboxed整数和.getClass（）值== – 相等，不仅.equals（） – 相等？
• Intellij IDEA：如何更改组织导入function
• 是否有Java EE JDK
• JSP作为电子邮件模板
• 在Hibernate中创建查询
• 如何仅签署XML的特定部分
• 从Spring MVC XML文件迁移到javaconfig。 我真的迷失了我的数据库XML文件