권남

사용자 도구

사이트 도구

추적:
java:7:pitfall

차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

차이 보기로 링크

양쪽 이전 판 이전 판
java:7:pitfall [2015/07/01 15:25]
kwon37xi [MD2, RSA Keysize 1024미만] 		java:7:pitfall [2015/12/18 16:36] (현재)
kwon37xi
줄 31: 줄 31:
     * I noticed that the bug suggested here (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2222432) relates to the Diffie-Hellman key exchange, so I tried selecting a cipher which does not use Diffie-Hellman (''-Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256'') and the problem went away. So I think we have a workaround.     * I noticed that the bug suggested here (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2222432) relates to the Diffie-Hellman key exchange, so I tried selecting a cipher which does not use Diffie-Hellman (''-Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256'') and the problem went away. So I think we have a workaround.
  
-===== 문단 제목 =====+===== Unable to Connect to SSL Services due to PKIX Path Building Failed =====
   * [[http://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find|ssl - Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]   * [[http://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find|ssl - Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]
   * [[http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html|PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target.]]   * [[http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html|PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target.]]
 +  * [[https://confluence.atlassian.com/display/KB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed|Unable to Connect to SSL Services due to PKIX Path Building Failed - Atlassian Knowledge Base]]
  
 The source of this error on my Apache 2.4 instance (using a Comodo wildcard certificate) was an incomplete path to the SHA-1 signed root certificate. There were multiple chains in the issued certificate, and the chain leading to a SHA-1 root certificate was missing an [[https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority|intermediate certificate]]. Modern browsers know how to handle this, but Java 7 doesn't handle it by default (although there are some convoluted ways to accomplish this in code). The result is error messages that look identical to the case of self-signed certificates: The source of this error on my Apache 2.4 instance (using a Comodo wildcard certificate) was an incomplete path to the SHA-1 signed root certificate. There were multiple chains in the issued certificate, and the chain leading to a SHA-1 root certificate was missing an [[https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority|intermediate certificate]]. Modern browsers know how to handle this, but Java 7 doesn't handle it by default (although there are some convoluted ways to accomplish this in code). The result is error messages that look identical to the case of self-signed certificates:
java/7/pitfall.1435731935.txt.gz · 마지막으로 수정됨: 2015/07/01 15:25 저자 kwon37xi

문서 도구

별도로 명시하지 않을 경우, 이 위키의 내용은 다음 라이선스에 따라 사용할 수 있습니다: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki