How to verify whether a Java client certificate is sent in a mutual authentication scenario


Problem description

I set up 2-way SSL with Camel and CXF using the http conduit element etc. I make a web service call to an external party. All certificates are correctly installed (incoming traffic is successful; this is configured in Tomcat). After this post about secure renegotiation I finally received a response from the other party: HTTP response 403, forbidden.

I've been debugging with javax.net.debug=all and this excellent explanation. I can see in the logging that a secure connection is successfully set up:

*** Finished
verify_data:  { 141, 25, 184, 254, 93, 9, 10, 48, 135, 161, 213, 57 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]

and no other errors or warnings. How can I verify if my client certificate is sent to the server? (I can't use Wireshark but I have the javax.net.debug logging)

Recommended answer

I found the answer in this post and by comparing the javax.net.debug output to the client auth example. I don't see CertificateVerify in my log, only the one-way SSL steps, so there is no client certificate sent.

The cause was that I copied the CXF http conduit example from their website, but somehow the ciphersuite filter it contained was too strict.
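
The check described in the answer, as an added example that is not part of the original post: a Python scan of javax.net.debug output that goes beyond looking for CertificateVerify and also reports, per handshake, whether the server sent a CertificateRequest and whether the client answered with a non-empty chain. The marker lines other than CertificateVerify, the function and field names, and the abbreviated sample log are assumptions based on the legacy JSSE debug format.

```python
import re

# Message markers in the legacy JSSE javax.net.debug output (assumed format:
# every handshake message is logged on a line starting with "*** <Name>").
MARKER = re.compile(r"^\*\*\* (ClientHello|CertificateRequest|ServerHelloDone|"
                    r"Certificate chain|CertificateVerify)\b")
FIELD = {"CertificateRequest": "cert_requested", "CertificateVerify": "certificate_verify"}

def analyze_handshakes(log_text):
    """Split the log on ClientHello and report client-auth evidence per handshake."""
    results, cur, server_done, in_client_chain = [], None, False, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("***"):
            in_client_chain = False          # any "***" line closes the previous block
        elif in_client_chain and line.startswith("chain [0]"):
            cur["client_cert_sent"] = True   # a non-empty chain is dumped under its marker
        m = MARKER.match(line)
        name = m.group(1) if m else None
        if name == "ClientHello":
            cur = dict.fromkeys(("cert_requested", "client_cert_sent", "certificate_verify"), False)
            results.append(cur)
            server_done = False
        elif cur is None or name is None:
            continue                         # not a tracked message, or log starts mid-handshake
        elif name == "ServerHelloDone":
            server_done = True
        elif name == "Certificate chain":
            in_client_chain = server_done    # before ServerHelloDone it is the server's chain
        else:
            cur[FIELD[name]] = True
    return results

# Constructed, abbreviated sample: handshake 1 answers the request with an empty
# chain; handshake 2 sends a certificate and proves possession of its key.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** Certificate chain
chain [0] = [ Subject: CN=server.example ]
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
***
*** ClientHello, TLSv1
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
chain [0] = [ Subject: CN=client.example ]
*** CertificateVerify
"""
```

In the result, `cert_requested` false means the server never asked for a certificate in that handshake, while `cert_requested` true with `client_cert_sent` false means the client answered the request with an empty chain.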

07-24 23:51