weblogic SSL证书错误 FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificat

weblogic服务器中通过HTTPS请求其他服务提示错误信息 weblogic SSL证书错误 FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificat。Certificate chain received from 客户端- 192.168.10.10 was not trusted causing SSL handshake failure

整个问题整整困扰了我一周如今终于解决，现在讲解决方式分享给大家借鉴。

提示错误 Certificate chain received from 客户端- 192.168.10.10 was not trusted causing SSL handshake failure。这个错误说明没有将证书导入到weblogic信任证书库中，可通过如下命令操作

导入：keytool -import -alias abc -keystore ..\lib\security\cacerts -file ..\lib\security\abc.cer -trustcacerts

查看：keytool -list -keystore ..\lib\security\cacerts

删除：keytool -delete -alias abc -keystore ..\lib\security\cacerts

密码默认为：changeit

将证书导入至weblogic证书库中后再测试可能会提示错误 FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificat

可能错误原因证书非CA认证证书，设置weblogic不对证书进行安全检查 -Dweblogic.StdoutDebugEnabled=true（startWeblogic.cmd正设置）

 可能原因源代码不能兼容weblogic中的jar,设置-DUseSunHttpHandler=true （startWeblogic.cmd正设置）

 

如果还不行，尝试设置如下参数：

-Dweblogic.security.SSL.allowSmallRSAExponent=true 

-Dweblogic.security.SSL.enforceConstraints=off 

-Dweblogic.security.SSL.ignoreHostnameVerification=true 

-Dweblogic.StdoutDebugEnabled=true -Dssl.debug 

-Dweblogic.security.SSL.ignoreHostnameVerification=true 

-Dssl.SocketFactory.provider=weblogic.security.SSL.SSLSocketFactory

 

-Dweblogic.webservice.client.ssl.strictcertchecking=false

 

 

第二种解决方案：

1、在源代码中使用sun的HttpHander

 

 

java.net.URL aURL = new java.net.URL(null, commURL, new sun.net.www.protocol.https.Handler());

 2、信任所有SSL证书

 

 

private void trustALLSSLCertificates(HttpURLConnection con) throws NoSuchAlgorithmException, KeyManagementException {
        ((HttpsURLConnection) con).setHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
        // Ignore Certification
        TrustManager ignoreCertificationTrustManger = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException {

            }

            public void checkServerTrusted(X509Certificate[] ax509certificate, String s) throws CertificateException {

            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

        };
        // Prepare SSL Context
        TrustManager[] tm = { ignoreCertificationTrustManger };
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, tm, new java.security.SecureRandom());

        // 从上述SSLContext对象中得到SSLSocketFactory对象
        SSLSocketFactory ssf = sslContext.getSocketFactory();
        ((HttpsURLConnection) con).setSSLSocketFactory(ssf);

    }