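Recorded: June 19, 2019, 17:32
Apache Apollo has been deprecated; unless you specifically need it, Apache ActiveMQ 5 is recommended instead.
1. After downloading apollo 1.7.1 and creating a broker by following the official example, the following warning appeared: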
Creating apollo instance at: testBroker
Generating ssl keystore...

Warning:
JKS 密鑰庫使用專用格式。建議使用 "keytool -importkeystore -srckeystore keystore -destkeystore keystore -deststoretype pkcs12" 遷移到行業標准格式 PKCS12。

You can now start the broker by executing:

"E:\environment\apache\apollo\apache-apollo-1.7.1\testBroker\bin\apollo-broker" run

Or you can setup the broker as Windows service and run it in the background:

"E:\environment\apache\apollo\apache-apollo-1.7.1\testBroker\bin\apollo-broker-service" install
"E:\environment\apache\apollo\apache-apollo-1.7.1\testBroker\bin\apollo-broker-service" start
After starting the broker, the following warning appears.
WARN | javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
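From the content of the warnings, one can roughly guess that the JKS keystore needs to be upgraded to the newer format.
Locate the keystore that was generated when the broker was created; it is normally in the folder named etc under the broker directory.
On Windows, open a Command Prompt, change into the etc directory and enter the following command.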
keytool -importkeystore -srckeystore keystore -destkeystore keystore -deststoretype pkcs12
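keytool prompts for the source keystore password.
To find the password, look in the apache-apollo source code: the file BrokerCreate.scala, in the directory apollo-broker\src\main\scala\org\apache\activemq\apollo\broker, contains the place where the keystore is generated, as follows: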
// Generate a keystore with a new key
val ssl = with_ssl && {
  out.println("Generating ssl keystore...")
  val rc = system(etc, Array(
    "keytool", "-genkey",
    "-storetype", "JKS",
    "-storepass", "password",
    "-keystore", "keystore",
    "-keypass", "password",
    "-alias", host,
    "-keyalg", "RSA",
    "-keysize", "4096",
    "-dname", "cn=%s".format(host),
    "-validity", "3650"))==0
  if(!rc) {
    out.println("WARNING: Could not generate the keystore, make sure the keytool command is in your PATH")
  }
  rc
}
The password is password. After entering it, the following is displayed:
已成功導入別名 mybroker 的條目。
已完成導入命令: 1 個條目成功導入, 0 個條目失敗或取消

Warning:
已將 "keystore" 遷移到 Non JKS/JCEKS。將 JKS 密鑰庫作為 "keystore.old" 進行了備份。
Run the broker. The output still contains the following warnings, but they do not affect basic use.
WARN | javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
WARN | javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
WARN | javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
WARN | javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
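
An added example (not from the original post or the Apollo project): a Python check that classifies a keystore file as JKS, JCEKS or PKCS12 from its leading bytes, so that keystore and keystore.old can be compared after the migration, and that tests whether a JKS file still carries the store password hard-coded in BrokerCreate.scala. The function names and the sample keystore bytes are constructed for illustration; the digest layout assumed is the JKS integrity trailer as implemented in the JDK.

```python
import hashlib
import struct

JKS_MAGIC, JCEKS_MAGIC = 0xFEEDFEED, 0xCECECECE
WHITENER = b"Mighty Aphrodite"   # constant mixed into the JKS integrity digest
DEFAULT_PASSWORD = "password"    # -storepass value in BrokerCreate.scala


def store_type(blob: bytes) -> str:
    """Classify a keystore file by its leading bytes."""
    if len(blob) >= 4:
        magic = struct.unpack(">I", blob[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    if blob[:1] == b"\x30":      # DER SEQUENCE: outer PKCS#12 PFX structure
        return "PKCS12"
    return "unknown"


def jks_digest(body: bytes, password: str) -> bytes:
    """SHA-1 over UTF-16BE password, whitener and store body (JKS trailer)."""
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def jks_password_matches(blob: bytes, password: str) -> bool:
    """True if `password` reproduces the 20-byte trailer of a JKS file."""
    if store_type(blob) != "JKS" or len(blob) < 32:
        return False
    return jks_digest(blob[:-20], password) == blob[-20:]


def audit(blob: bytes) -> list:
    """Return findings for one keystore file's bytes."""
    kind = store_type(blob)
    findings = [f"format={kind}"]
    if kind == "JKS" and jks_password_matches(blob, DEFAULT_PASSWORD):
        findings.append("store password is the generator default")
    return findings


def make_sample_jks(password: str, alias: str = "mybroker") -> bytes:
    """Constructed test input: JKS header plus one dummy key entry."""
    name = alias.encode("utf-8")
    body = struct.pack(">III", JKS_MAGIC, 2, 1)         # magic, version, count
    body += struct.pack(">IH", 1, len(name)) + name     # tag 1 = key entry
    body += struct.pack(">QI", 0, 4) + b"\x00" * 4      # timestamp, dummy key
    body += struct.pack(">I", 0)                        # empty cert chain
    return body + jks_digest(body, password)
```

Call audit(open(path, "rb").read()) on etc\keystore and etc\keystore.old. A PKCS12 result only confirms the format; verifying that store's password needs a PKCS#12 parser.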
