When I connect to a Kafka cluster using Apache Camel and SSL, I run into the problem below. Can anyone help me solve it?
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
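    // Is this the correct way to load the .jks file?
    // Imports assume Camel 2.x (camel-http4 and org.apache.camel.util.jsse).
    import org.apache.camel.builder.RouteBuilder;
    import org.apache.camel.component.http4.HttpComponent;
    import org.apache.camel.util.jsse.KeyManagersParameters;
    import org.apache.camel.util.jsse.KeyStoreParameters;
    import org.apache.camel.util.jsse.SSLContextParameters;
    import org.apache.camel.util.jsse.TrustManagersParameters;
    import org.springframework.stereotype.Component;

    @Component
    public class MyRouteDefinition extends RouteBuilder {
        @Override
        public void configure() throws Exception {
            // One JKS file is loaded here and reused below as both key store and trust store.
            KeyStoreParameters ksp = new KeyStoreParameters();
            ksp.setType("jks");
            ksp.setResource("truststore.jks");
            ksp.setPassword("password");

            // Key material (client identity) taken from the same store.
            KeyManagersParameters kmp = new KeyManagersParameters();
            kmp.setKeyStore(ksp);
            kmp.setKeyPassword("password");

            // Trust material: the certificates this client accepts from servers.
            TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
            trustManagersParameters.setKeyStore(ksp);

            SSLContextParameters scp = new SSLContextParameters();
            scp.setKeyManagers(kmp);
            scp.setTrustManagers(trustManagersParameters);

            // Attach the SSL configuration to the https4 component.
            HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
            httpComponent.setSslContextParameters(scp);

            // TO HTTPS
            from(...)
                .to("https://localhost:8080/load");
            log.debug("The response code is: {}", responseCode);
        }
    }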
2 Answers
yx2lnoni1#
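When using HTTPS, the client needs to trust the server. The server sends a certificate to prove its identity. The certificate is signed by a CA (certificate authority). The client trusts the server only if it recognizes the CA that signed its certificate. The client recognizes the CA if it is present in its truststore.
You can also import the certificate directly into the truststore in case the certificate is not signed by a CA.
I guess you either:
- import the certificate of the CA that signed the server's certificate (the server listening on localhost:8080) into the client's truststore, or
- import the server's certificate itself into the truststore.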
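
The trust decision described in this answer, reproduced offline as an added example (not code from the question or from either answer). It uses the JDK's keytool to create two constructed self-signed certificates, then runs the JSSE trust manager check against a truststore that lacks the server's certificate and against one that contains it. The class name TrustStoreCheck, the aliases, the temporary file name and the password are assumptions made for the demo.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreCheck {
    static final String PW = "changeit"; // constructed password for the throwaway store
    // Create a self-signed test certificate with the JDK's own keytool (constructed sample data).
    static void selfSigned(File store, String alias) throws Exception {
        String keytool = new File(System.getProperty("java.home"), "bin/keytool").getPath();
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", alias, "-keyalg", "RSA",
                "-keysize", "2048", "-dname", "CN=" + alias, "-validity", "2", "-storetype", "PKCS12",
                "-keystore", store.getPath(), "-storepass", PW, "-keypass", PW).inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed for " + alias);
    }

    // Run the certificate check JSSE performs during the handshake against a one-entry truststore.
    static String check(X509Certificate trusted, X509Certificate server) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                          // empty in-memory truststore
        trust.setCertificateEntry("trusted", trusted);   // same effect as keytool -importcert
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        try {
            tm.checkServerTrusted(new X509Certificate[] {server}, "RSA");
            return "trusted";
        } catch (CertificateException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        File store = new File(Files.createTempDirectory("tls-demo").toFile(), "gen.p12");
        selfSigned(store, "localhost");   // stands in for the server on localhost:8080
        selfSigned(store, "unrelated");   // a certificate that did not sign the server's
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(store)) { ks.load(in, PW.toCharArray()); }
        X509Certificate server = (X509Certificate) ks.getCertificate("localhost");
        X509Certificate other = (X509Certificate) ks.getCertificate("unrelated");
        System.out.println("truststore without server cert: " + check(other, server));
        System.out.println("truststore with server cert:    " + check(server, server));
    }
}
```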
hof1towb2#
I found the solution; the lines above are fine.