2016-06-06 4 views
0

I configured the keystore and truststore using the solution provided by pedrofb at the link below: How to configure two way SSL connection in Spring WS without using Spring boot and using separate Apache tomcat server?

How do I configure two-way SSL on the client and server on Tomcat 7, using openssl to generate the SSL certificate?

I set the keystore and truststore properties for the client and server in Tomcat 7. However, when I try to connect to the server I get the error below:

    Using SSLEngineImpl.
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
    Allow unsafe renegotiation: false 
    Allow legacy hello messages: true 
    Is initial handshake: true 
    Is secure renegotiation: false 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Using SSLEngineImpl. 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
    Allow unsafe renegotiation: false 
    Allow legacy hello messages: true 
    Is initial handshake: true 
    Is secure renegotiation: false 
    http-nio-8443-exec-9, READ: TLSv1 Handshake, length = 185 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    *** ClientHello, TLSv1.2 
    RandomCookie: GMT: -364265602 bytes = { 151, 161, 117, 135, 49, 179, 239, 50, 221, 113, 108, 85, 152, 173, 82, 244, 120, 98, 133, 94, 72, 13, 209, 43, 60, 89, 124, 77 } 
    Session ID: {} 
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
    Compression Methods: { 0 } 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    Extension server_name, server_name: [type=host_name (0), value=localhost] 
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA 
    Unsupported extension status_request, data: 01:00:00:00:00 
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed] 
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1} 
    *** 
    http-nio-8443-exec-1, READ: TLSv1 Handshake, length = 185 
    *** ClientHello, TLSv1.2 
    RandomCookie: GMT: 624575245 bytes = { 5, 128, 117, 156, 92, 134, 29, 210, 250, 146, 110, 193, 126, 10, 111%% Initialized: [Session-27, SSL_NULL_WITH_NULL_NULL] 
    , 45, 132, 231, 235, 77, 110, 238, 35, 93, 37, 164, 168, 251 } 
    Session ID: {} 
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
    Compression Methods: { 0 } 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    Extension server_name, server_name: [type=host_name (0), value=localhost] 
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA 
    Unsupported extension status_request, data: 01:00:00:00:00 
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed] 
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1} 
    *** 
    %% Initialized: [Session-28, SSL_NULL_WITH_NULL_NULL] 
    %% Negotiating: [Session-27, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    *** ServerHello, TLSv1.2 
    RandomCookie: GMT: 1465167446 bytes = { 250, 227, 168, 23, 5, 88, 160, 124, 42, 177, 14, 37, 174, 160, 121, 13, 224, 215, 45, 17, 46, 117, 215, 62, 224, 31, 241, 109 } 
    Session ID: {87, 85, 174, 86, 210, 17, 84, 99, 103, 218, 211, 254, 20, 253, 117, 8, 221, 141, 57, 197, 148, 244, 184, 91, 112, 35, 41, 60, 219, 23, 171, 67} 
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    Compression Method: 0 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    *** 
    Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    *** Certificate chain 
    chain [0] = [ 
    [ 
     Version: V1 
     Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 

     Key: Sun RSA public key, 1024 bits 
     modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147 
     public exponent: 65537 
     Validity: [From: Mon Jun 06 22:09:30 IST 2016, 
        To: Tue Jun 06 22:09:30 IST 2017] 
     Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     SerialNumber: [ 9f141eca db1b5892] 

    ] 
     Algorithm: [SHA256withRSA] 
     Signature: 
    0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\. 
    0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>.. 
    0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,... 
    0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg. 
    0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._.. 
    0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X..... 
    0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I.... 
    0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T.. 

    ] 
    *** 
    %% Negotiating: [Session-28, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    *** ServerHello, TLSv1.2 
    RandomCookie: GMT: 1465167446 bytes = { 103, 27, 241, 116, 15, 29, 188, 76, 143, 250, 43, 244, 203, 202, 45, 229, 174, 22, 232, 84, 101, 180, 15, 46, 1, 2, 102, 153 } 
    Session ID: {87, 85, 174, 86, 57, 163, 69, 204, 125, 206, 51, 246, 36, 126, 169, 3, 253, 63, 0, 8, 97, 161, 116, 83, 52, 47, 229, 6, 202, 194, 109, 25} 
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    Compression Method: 0 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    *** 
    Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    *** Certificate chain 
    chain [0] = [ 
    [ 
     Version: V1 
     Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 

     Key: Sun RSA public key, 1024 bits 
     modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147 
     public exponent: 65537 
     Validity: [From: Mon Jun 06 22:09:30 IST 2016, 
        To: Tue Jun 06 22:09:30 IST 2017] 
     Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     SerialNumber: [ 9f141eca db1b5892] 

    ] 
     Algorithm: [SHA256withRSA] 
     Signature: 
    0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\. 
    0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>.. 
    0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,... 
    0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg. 
    0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._.. 
    0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X..... 
    0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I.... 
    0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T.. 

    ] 
    *** 
    *** ECDH ServerKeyExchange 
    *** ECDH ServerKeyExchange 
    Signature Algorithm SHA512withRSA 
    Server key: Sun EC public key, 256 bits 
     public x coord: 85555666343139018963533967280538968797633662983139641438682557033369225999165 
     public y coord: 8427840957609862596834523195604231585301724865593291933177525359181625802444 
     parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
    *** CertificateRequest 
    Cert Types: RSA, DSS, ECDSA 
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
    Cert Authorities: 
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN> 
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN> 
    *** ServerHelloDone 
    Signature Algorithm SHA512withRSA 
    http-nio-8443-exec-1, WRITE: TLSv1.2 Handshake, length = 1336 
    Server key: Sun EC public key, 256 bits 
     public x coord: 84402873937186238897029201223811091119078490206065291036407576822220964455837 
     public y coord: 102495088922183201760899172514801345100289489285600965229707082740951466499978 
     parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
    *** CertificateRequest 
    Cert Types: RSA, DSS, ECDSA 
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
    Cert Authorities: 
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN> 
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN> 
    *** ServerHelloDone 
    http-nio-8443-exec-9, WRITE: TLSv1.2 Handshake, length = 1336 
    http-nio-8443-exec-9, called closeOutbound() 
    http-nio-8443-exec-9, closeOutboundInternal() 
    http-nio-8443-exec-9, SEND TLSv1.2 ALERT: warning, description = close_notify 
    http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2 
    http-nio-8443-exec-9, called closeOutbound() 
    http-nio-8443-exec-9, closeOutboundInternal() 
    http-nio-8443-exec-9, SEND TLSv1.2 ALERT: warning, description = close_notify 
    http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2 
    Using SSLEngineImpl. 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
    Allow unsafe renegotiation: false 
    Allow legacy hello messages: true 
    Is initial handshake: true 
    Is secure renegotiation: false 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    http-nio-8443-exec-4, READ: TLSv1 Handshake, length = 185 
    *** ClientHello, TLSv1.2 
    RandomCookie: GMT: -1587396700 bytes = { 168, 137, 156, 195, 17, 132, 253, 181, 204, 114, 165, 228, 86, 231, 233, 158, 148, 15, 75, 153, 17, 24, 212, 36, 209, 134, 90, 182 } 
    Session ID: {} 
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
    Compression Methods: { 0 } 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    Extension server_name, server_name: [type=host_name (0), value=localhost] 
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA 
    Unsupported extension status_request, data: 01:00:00:00:00 
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed] 
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1} 
    *** 
    %% Initialized: [Session-29, SSL_NULL_WITH_NULL_NULL] 
    %% Negotiating: [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    *** ServerHello, TLSv1.2 
    RandomCookie: GMT: 1465167446 bytes = { 225, 169, 240, 135, 216, 14, 179, 8, 242, 163, 54, 198, 242, 182, 103, 125, 233, 71, 73, 94, 94, 112, 96, 92, 230, 44, 24, 124 } 
    Session ID: {87, 85, 174, 86, 58, 130, 84, 54, 254, 224, 181, 52, 14, 113, 71, 231, 52, 58, 218, 105, 147, 197, 135, 24, 188, 193, 25, 160, 12, 186, 145, 122} 
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    Compression Method: 0 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    *** 
    Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    *** Certificate chain 
    chain [0] = [ 
    [ 
     Version: V1 
     Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 

     Key: Sun RSA public key, 1024 bits 
     modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147 
     public exponent: 65537 
     Validity: [From: Mon Jun 06 22:09:30 IST 2016, 
        To: Tue Jun 06 22:09:30 IST 2017] 
     Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     SerialNumber: [ 9f141eca db1b5892] 

    ] 
     Algorithm: [SHA256withRSA] 
     Signature: 
    0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\. 
    0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>.. 
    0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,... 
    0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg. 
    0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._.. 
    0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X..... 
    0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I.... 
    0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T.. 

    ] 
    *** 
    *** ECDH ServerKeyExchange 
    Signature Algorithm SHA512withRSA 
    Server key: Sun EC public key, 256 bits 
     public x coord: 81903135861506604845195203015394003955799288815680914864504286597024832297135 
     public y coord: 106714826192296131282741266053860770585192831249415196199432006232074628631588 
     parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
    *** CertificateRequest 
    Cert Types: RSA, DSS, ECDSA 
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
    Cert Authorities: 
    <EMAILADDRE[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN> 
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN> 
    *** ServerHelloDone 
    http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336 
    http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7 
    *** Certificate chain 
    <Empty> 
    *** 
    http-nio-8443-exec-6, fatal error: 42: null cert chain 
    javax.net.ssl.SSLHandshakeException: null cert chain 
    %% Invalidated: [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    http-nio-8443-exec-6, SEND TLSv1.2 ALERT: fatal, description = bad_certificate 
    http-nio-8443-exec-6, WRITE: TLSv1.2 Alert, length = 2 
    http-nio-8443-exec-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain 
    http-nio-8443-exec-6, called closeOutbound() 
    http-nio-8443-exec-6, closeOutboundInternal() 

On the client side I get the following error message in the browser:

Try contacting the system admin. 
ERR_BAD_SSL_CLIENT_AUTH_CERT 

The client does not send its certificate when the server requests it.

Do I have to keep clientauth=true on both the client and the server?

My Server keystore contains server.pfx 
My Server truststore contains client.crt and ca.crt 
My Client keystore contains client.p12 client.crt ca.crt 
My Client truststore contains server.crt 

Thanks

Answer

-1

I finally found the solution: I simply had not installed client.p12 in the browser, and therefore my client was not sending its certificate to the server. Once I installed client.p12 in the browser, it started working.

2

The server requests a certificate and supplies a list of trusted signers. That list comes from the server's truststore. The client does not have a certificate signed by one of these signers in its keystore, so it cannot send a certificate.

Solution: either have the client certificate signed by one of the trusted signers, or extend the trusted signers by including the client certificate's signer.
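To check both answers against a `javax.net.debug` trace like the one in the question, the following added example (not code from the original posts) extracts the `Cert Authorities` list from the `CertificateRequest`, detects the empty client `Certificate chain`, and compares a client certificate's issuer DN with the requested signers. The function names, the result labels and the sample log with its placeholder e-mail address are assumptions constructed for illustration.

```python
import re

# Constructed sample in the shape of the debug output quoted in the question;
# the e-mail attribute is a placeholder, not a value from the page.
SAMPLE_LOG = """\
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<EMAILADDRESS=admin@example.invalid, CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
<EMAILADDRESS=admin@example.invalid, CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
*** ServerHelloDone
http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336
http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7
*** Certificate chain
<Empty>
***
http-nio-8443-exec-6, fatal error: 42: null cert chain
"""

# Split "A=1, B=2" on commas that start a new attribute (escaped commas are not handled).
_RDN_SPLIT = re.compile(r",\s*(?=[A-Za-z0-9.]+=)")


def normalize_dn(dn):
    """Return a DN as ordered (TYPE, value) pairs, ignoring case and extra spaces.

    This approximates X.500 name matching; it is not a full RFC 4514 parser.
    """
    parts = []
    for rdn in _RDN_SPLIT.split(dn.strip().strip("<>")):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return tuple(parts)


def parse_handshake(log):
    """Collect the CA names the server asked for and whether the client replied with no chain."""
    cas, in_cas, empty_chain, prev = [], False, False, ""
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Cert Authorities:":
            in_cas = True
        elif in_cas and line.startswith("<") and line.endswith(">"):
            # The trace repeats the list once per connection, so de-duplicate.
            if line != "<Empty>" and line[1:-1] not in cas:
                cas.append(line[1:-1])
        else:
            in_cas = False
            if prev == "*** Certificate chain" and line == "<Empty>":
                empty_chain = True
        prev = line
    return {"requested_cas": cas, "client_chain_empty": empty_chain}


def diagnose(log, client_issuer_dn):
    """Classify a handshake trace given the issuer DN of the client certificate."""
    info = parse_handshake(log)
    if not info["client_chain_empty"]:
        return "no-empty-chain-seen"
    wanted = {normalize_dn(ca) for ca in info["requested_cas"]}
    # An empty CA list means the server accepts any issuer at this stage.
    if wanted and normalize_dn(client_issuer_dn) not in wanted:
        return "issuer-not-in-ca-list"         # second answer: fix signer or truststore
    return "issuer-acceptable-check-client-keystore"  # first answer: cert not installed


if __name__ == "__main__":
    issuer = "EMAILADDRESS=admin@example.invalid, CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN"
    print(parse_handshake(SAMPLE_LOG)["requested_cas"])
    print(diagnose(SAMPLE_LOG, issuer))
```

The issuer DN to pass in can be read from the client certificate with `keytool -list -v` or `openssl x509 -noout -issuer`.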