更新时间:2021-11-23 22:26:29
问题已解决!
我认真地关注了这篇魔术怪兽文章(请注意"java的较旧版本"和默认密码"changeit"),以将整个自签名证书链导入到Java的受信任证书列表:
I followed this magicmonster article carefully (note the highlights on "older version of java", and the default password 'changeit'), to import the entire self signed certificate chain to the list of trusted certificates of the Java:
http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html
有一个非常重要的附加选项:对链中的所有证书(不仅是根证书)都这样做!(在我的情况下,这是三个:我组织的,中级和根)
With one very important additional twist: Do it for all certificates in the chain, not only the root! (in my case there were three: my organization's, the intermediate, and the root)
然后...转到 Spring应用程序上下文配置XML ,并修改<http:conduit
部分,使其具有Java的证书文件的正确路径(和密码):
Then... go to the Spring application context config XML and modify the <http:conduit
section to have the correct path (and password) for Java's cacerts file:
<http:tlsClientParameters>
<sec:keyManagers keyPassword="changeit">
<sec:keyStore type="JKS" password="changeit"
file="C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="changeit"
file="C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts"/>
</sec:trustManagers>