开发者

With Orbeon Forms, why are my submissions to a server using a self-signed certificate failing?

开发者 https://www.devze.com 2023-01-20 21:06 出处:网络
When running submissio开发者_如何学Cns (<xforms:submission>) over HTTPS against a server that use a self-signed certificate, I am getting an exception in the logs that looks like:

When running submissio开发者_如何学Cns (<xforms:submission>) over HTTPS against a server that use a self-signed certificate, I am getting an exception in the logs that looks like:

ERROR XFormsServer  - XForms - submission - xforms-submit-error throwable: sun.security.provider.certpath.SunCertPathBuilderException 
: unable to find valid certification path to requested target 
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) 
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) 
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) 
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191) 

How can I solve this?


When making the HTTPS request, Java checks the certificate of the server. Because the certificate is self-signed, Java can't verify it is a legitimate certificate, hence the error message "unable to find valid certification path to requested target".

What you need to do is either:

  1. Use a "real" certificate (e.g. signed by Verisign).
  2. Add the certificate of your server to a "trust store", and setup your JVM of application server use that trust store.

The exact steps for doing #2 above will depend on your environment, but in essence:

  1. If the server handling the requests has its self-signed key in a Java key store, export it. Here your-server is the alias for your server the key store, mykey.cer is the file you are creating, keystore is your key store file, and your-password is the password to your key store.

    keytool -export -alias your-server -file mykey.cer -keystore keystore -storepass your-password

  2. On the server on which Orbeon Forms is running (i.e. the server that initiates the HTTPS request), import mykey.cer into a trust store. Here truststore is your trust store file, which might be a new file you are creating if you don't have an existing trust store.

    keytool -import -v -trustcacerts -alias your-server -file mykey.cer -keystore truststore -storepass your-password

  3. Add the following -D parameters when starting the VM that runs your application server (e.g. Tomcat) and Orbeon Forms:

    -Djavax.net.ssl.trustStore=path/to/your/truststore -Djavax.net.ssl.trustStorePassword=your-password

0

精彩评论

暂无评论...
验证码 换一张
取 消