weblogic SSL证书错误 FATAL Alert:BAD_CERTIFICATE

4591566

weblogic服务器中通过HTTPS请求其他服务提示错误信息 weblogic SSL证书错误 FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificat。Certificate chain received from 客户端- 192.168.10.10 was not trusted causing SSL handshake failure
整个问题整整困扰了我一周如今终于解决，现在讲解决方式分享给大家借鉴。
提示错误 Certificate chain received from 客户端- 192.168.10.10 was not trusted causing SSL handshake failure。这个错误说明没有将证书导入到weblogic信任证书库中，可通过如下命令操作
导入：keytool -import -alias abc -keystore ..\lib\security\cacerts -file ..\lib\security\abc.cer -trustcacerts
查看：keytool -list -keystore ..\lib\security\cacerts
删除：keytool -delete -alias abc -keystore ..\lib\security\cacerts
密码默认为：changeit
将证书导入至weblogic证书库中后再测试可能会提示错误 FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificat
可能错误原因证书非CA认证证书，设置weblogic不对证书进行安全检查 -Dweblogic.StdoutDebugEnabled=true（startWeblogic.cmd正设置）
 可能原因源代码不能兼容weblogic中的jar,设置-DUseSunHttpHandler=true （startWeblogic.cmd正设置）
 
如果还不行，尝试设置如下参数：
　　-Dweblogic.security.SSL.allowSmallRSAExponent=true 
　　-Dweblogic.security.SSL.enforceConstraints=off 
　　-Dweblogic.security.SSL.ignoreHostnameVerification=true 
　　-Dweblogic.StdoutDebugEnabled=true -Dssl.debug 
　　-Dweblogic.security.SSL.ignoreHostnameVerification=true 
　　-Dssl.SocketFactory.provider=weblogic.security.SSL.SSLSocketFactory
　　-Dweblogic.webservice.client.ssl.strictcertchecking=false
　　第二种解决方案：
　　1、在源代码中使用sun的HttpHander
　　 

java.net.URL aURL = new java.net.URL(null, commURL, new sun.net.www.protocol.https.Handler());
 2、信任所有SSL证书


private void trustALLSSLCertificates(HttpURLConnection con) throws NoSuchAlgorithmException, KeyManagementException {
((HttpsURLConnection) con).setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
// Ignore Certification
TrustManager ignoreCertificationTrustManger = new X509TrustManager() {
public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] ax509certificate, String s) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
// Prepare SSL Context
TrustManager[] tm = { ignoreCertificationTrustManger };
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, tm, new java.security.SecureRandom());
// 从上述SSLContext对象中得到SSLSocketFactory对象
SSLSocketFactory ssf = sslContext.getSocketFactory();
((HttpsURLConnection) con).setSSLSocketFactory(ssf);
}