Mutual SSL between an ESB and unsecured backend services: "null cert chain"

I'm getting the following error:

ERROR {org.apache.synapse.transport.passthru.SourceHandler} -  I/O error: null cert chain {org.apache.synapse.transport.passthru.SourceHandler}

while trying to enable mutual SSL between my (custom) proxy service and 2 unsecured backend services.

Here is what I have done so far:

  • Enabled <parameter name="SSLVerifyClient">require</parameter>

  • Exported the public certificates of the 2 backend servers in [carbon_home]/repository/resources/security/wso2carbon.jks using the Java keytool:

keytool -export -keystore C:\I_T\WS02\wso2as-5.2.1\repository\resources\security\client-truststore.jks -file C:\wssecurity\wso2\wso2ASpublic.cert

  • Imported those certificates into the ESB trust store:

keytool -import -file C:\wssecurity\wso2\wso2DSSpublic.cert -keystore C:\I_T\WS02\wso2esb-4.8.1\repository\resources\security\client-truststore.jks -storepass wso2carbon -alias wso2carbonDSS

  • Did the same on the servers' client trust stores with the ESB certificate.

I suspect steps 2-4 are unnecessary, since the trust stores already contain these certificates.

Maybe that is what is causing the problem?

1 Answer

    I solved it; in case anyone wants to know how to achieve this:

    SOAP_CLIENT
                                                                    |
                                                                    |
                                                                    |
                                                                    |----------- Single SSL (a)
                                                                    |
                                                                    |
                                          ________________ENTERPRISE_SERVICE_BUS_________________
                                         ||                                                     ||
                                         ||                                                     ||
                                         ||                                                     ||
             (b) Mutual SSL--------------||                                                     ||--------------Mutual SSL  (c)
                                         ||                                                     ||
                                         ||                                                     ||
                                         ||                                                     ||
                                 APPLICATION_SERVER                                   DATA_SERVICE_SERVER
    

    ======================================================================

    Key stores :
    
    Soap(client) :  soapui_ks.jks                               - Key store - Password : soapui
    
    
    
    ESB :           wso2esb_ks.jks                              - Key store - Password : wso2esb
                    --------------- wso2esb_ks                  - Key entry alias - Password : wso2esb
    
                    wso2esb_ts.jks                              - Trust store - Password : wso2esb
                    --------------- wso2esb_ts                  - Key entry alias - Password : wso2esb
                    --------------- as                          - Imported trusted certificate from wso2as_ks.jks
                    --------------- dss                         - Imported trusted certificate from wso2dss_ks.jks
                    --------------- soapclient                  - Imported trusted certificate from soapui_ks.jks
    
    
    AS :            wso2as_ks.jks                               - Key store - Password : wso2as
                    --------------- wso2as_ks                   - Key entry alias - Password : wso2as   
    
                    wso2as_ts.jks                               - Trust store - Password : wso2as
                    --------------- wso2as_ts                   - Key entry alias - Password : wso2as
                    --------------- esb                         - Imported trusted certificate from wso2esb_ks.jks
    
    DSS :           wso2dss_ks.jks                              - Key store - Password : wso2dss
                    --------------- wso2dss_ks                  - Key entry alias - Password : wso2dss  
    
                    wso2dss_ts.jks                              - Trust store - Password : wso2dss
                    --------------- wso2dss_ts                  - Key entry alias - Password : wso2dss
                    --------------- esb                         - Imported trusted certificate from wso2esb_ks.jks
    
    =================================================================================================================================================================
    
    Configuration :
    
    (a) Change the following in the servers ([server_home]) to point to the new keystores/truststores.
    
    In the ESB: changed the following configuration files to point to the new keystores and their passwords (as above):
    
                    [server_home]/repository/conf/carbon.xml            
                    [server_home]/repository/conf/axis2/axis2.xml   - also set  <parameter name="SSLVerifyClient">require</parameter>
                    [server_home]/repository/conf/security/cipher-text.properties
                    [server_home]/repository/conf/security/secret-conf.properties
                    [server_home]/repository/conf/sec.policy
    
    Restart server.
    
    In SoapUI, double-click on the root project folder, navigate to the WS-Security Configurations tab, then add soapui_ts.jks as a TRUST store using soapui as the password. Then, when you open a request in that project, set the previously configured soapui_ts.jks as the value of the SSL Keystore property in the Request Properties panel.
    
    Should all be good.
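The key store / trust store layout the answer describes, built and checked from the shell with keytool. This is an added example, not code from the original post or from WSO2. It assumes keytool from a JDK on PATH, invents the hostnames/DNs (*.example.test) and the SoapUI key alias (the answer does not give one), and writes everything to a scratch directory (WORKDIR, a fresh mktemp directory unless you set it). It builds only the stores; the carbon.xml/axis2.xml edits from the answer are not touched. The check that matters for the question's error is the first trust entry: with SSLVerifyClient=require, the JSSE "null cert chain" error is what the server side raises when the connecting client presents no certificate chain, so the SOAP client must send a certificate and the ESB trust store must hold it.

```shell
#!/bin/sh
# Added example (not from the original post or WSO2): build the key store /
# trust store layout from the answer with keytool, then verify the trust
# relationships each mutual-SSL hop needs. Assumptions: keytool from a JDK is on
# PATH; the DNs/hostnames (*.example.test) and the SoapUI key alias are invented;
# WORKDIR is a scratch directory (a fresh mktemp dir unless set by the caller).
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# kt <keytool args...>: run keytool quietly, surfacing its output only on failure
kt() {
    if ! kt_out=$(keytool "$@" 2>&1); then
        printf '%s\n' "$kt_out" >&2
        return 1
    fi
}

# gen_keystore <store> <alias> <password> <hostname>:
# JKS key store holding one self-signed RSA key pair for a party
gen_keystore() {
    kt -genkeypair -storetype JKS -keystore "$WORKDIR/$1" -alias "$2" \
       -storepass "$3" -keypass "$3" -keyalg RSA -keysize 2048 -validity 365 \
       -dname "CN=$4, O=mTLS demo" -ext "SAN=dns:$4"
}

# trust_cert <src_store> <src_pass> <src_alias> <truststore> <ts_pass> <ts_alias>:
# export the certificate of a key entry and import it into a trust store
# (the trust store file is created on the first import)
trust_cert() {
    kt -exportcert -rfc -keystore "$WORKDIR/$1" -storepass "$2" -alias "$3" \
       -file "$WORKDIR/$3.pem"
    kt -importcert -noprompt -storetype JKS -keystore "$WORKDIR/$4" -storepass "$5" \
       -alias "$6" -file "$WORKDIR/$3.pem"
}

# trusts <truststore> <password> <alias>: succeeds iff the alias is present
trusts() {
    keytool -list -keystore "$WORKDIR/$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# same_cert <store> <pass> <alias> <truststore> <pass> <alias>:
# succeeds iff the trusted entry is byte-for-byte the key entry's certificate
same_cert() {
    a=$(keytool -exportcert -rfc -keystore "$WORKDIR/$1" -storepass "$2" -alias "$3" 2>/dev/null) || return 1
    b=$(keytool -exportcert -rfc -keystore "$WORKDIR/$4" -storepass "$5" -alias "$6" 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# build_all: one identity per party, then the trust entries for hops (a), (b), (c)
build_all() {
    mkdir -p "$WORKDIR"
    gen_keystore soapui_ks.jks  soapui_ks  soapui  soapui.example.test
    gen_keystore wso2esb_ks.jks wso2esb_ks wso2esb esb.example.test
    gen_keystore wso2as_ks.jks  wso2as_ks  wso2as  as.example.test
    gen_keystore wso2dss_ks.jks wso2dss_ks wso2dss dss.example.test
    # (a) with SSLVerifyClient=require the ESB must trust the SOAP client's cert;
    # a client that presents none is what yields "null cert chain" on the ESB side
    trust_cert soapui_ks.jks  soapui  soapui_ks  wso2esb_ts.jks wso2esb soapclient
    # (b)/(c) the ESB, acting as client, must trust the backends' server certs...
    trust_cert wso2as_ks.jks  wso2as  wso2as_ks  wso2esb_ts.jks wso2esb as
    trust_cert wso2dss_ks.jks wso2dss wso2dss_ks wso2esb_ts.jks wso2esb dss
    # ...and each backend must trust the ESB's cert, and nothing else
    trust_cert wso2esb_ks.jks wso2esb wso2esb_ks wso2as_ts.jks  wso2as  esb
    trust_cert wso2esb_ks.jks wso2esb wso2esb_ks wso2dss_ts.jks wso2dss esb
}

# report: re-check every trust entry a hop depends on
report() {
    for check in "wso2esb_ts.jks wso2esb soapclient" "wso2esb_ts.jks wso2esb as" \
                 "wso2esb_ts.jks wso2esb dss" "wso2as_ts.jks wso2as esb" \
                 "wso2dss_ts.jks wso2dss esb"; do
        set -- $check
        if trusts "$1" "$2" "$3"; then echo "ok: $1 trusts '$3'"; else echo "MISSING: $1 lacks '$3'"; return 1; fi
    done
    echo "stores written to $WORKDIR"
}

if command -v keytool >/dev/null 2>&1; then
    build_all && report
else
    echo "keytool not found on PATH; install a JDK to run this demo" >&2
fi
```

Run it as `WORKDIR=./mtls-demo sh mtls_keystores.sh`, then point the ESB's key store/trust store parameters at wso2esb_ks.jks and wso2esb_ts.jks and the backends at their own pair. The backends deliberately get only the ESB's certificate, so a SOAP client that bypasses the ESB is rejected at hop (b)/(c) even though it is trusted at hop (a).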
    
