1. ホーム
  2. 質問と答え
  3. Mongoの接続SSL&JAX-WS

Mongoの接続SSL&JAX-WS

2017-06-09 6 views
1

我々は、証明書の設定があるのSSL接続でJAX-WSを使用して1 wsclientを持っている:(Mongoの接続SSL&JAX-WS

System.setProperty("javax.net.ssl.keyStoreType", "PKCS12"); 
System.setProperty("javax.net.ssl.keyStore", "/certificate.pfx"); 
System.setProperty("javax.net.ssl.keyStorePassword", "password");

しかし、我々はMongoAtlasに当社モンゴデータベースを移住ときにのみTLSを受け入れます/ SSL接続)JAX-WSのすべてのHTTP接続が動作を停止し、発生した問題は次のとおりです。

javax.xml.ws.WebServiceException: Failed to access WSDL in https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl. It failed with: 
Server returned HTTP response code: 403 for URL: https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl. 
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:250) 
at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:231) 
... 
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl 
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876) 
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)

我々はモンゴでこのように接続するには、Java 8を使用します。

new MongoClient(new MongoClientURI(uriMongoConnection))

この問題が発生しているためわからない、誰かが私たちを助けることができますか? wgetによると

おかげ

出典

2017-06-09 Robson

答えて

0 

$ wget https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl 
--2017-06-10 03:58:46-- https://homologacao.nfe.fazenda.sp.gov.br/ws/nfeautorizacao.asmx?wsdl 
Resolving homologacao.nfe.fazenda.sp.gov.br (homologacao.nfe.fazenda.sp.gov.br)... 201.55.62.10 
Connecting to homologacao.nfe.fazenda.sp.gov.br (homologacao.nfe.fazenda.sp.gov.br)|201.55.62.10|:443... connected. 
ERROR: The certificate of ‘homologacao.nfe.fazenda.sp.gov.br’ is not trusted. 
ERROR: The certificate of ‘homologacao.nfe.fazenda.sp.gov.br’ hasn't got a known issuer. 
ERROR: The certificate of ‘homologacao.nfe.fazenda.sp.gov.br’ was signed using an insecure algorithm.

openssl x509によると、あなたはこの証明書(またはその発行体の1)を信頼する必要があります。

$ openssl s_client -connect homologacao.nfe.fazenda.sp.gov.br:443 -tls1 -servername homologacao.nfe.fazenda.sp.gov.br | openssl x509 -text -noout 
depth=2 C = BR, O = ICP-Brasil, OU = Autoridade Certificadora Raiz Brasileira v2, CN = AC Secretaria da Receita Federal do Brasil v3 
verify error:num=20:unable to get local issuer certificate 
Certificate: 
    Data: 
     Version: 3 (0x2) 
     Serial Number: 
      01:1e:eb:ed:b4:dd:f7:00:8c 
    Signature Algorithm: sha256WithRSAEncryption 
     Issuer: C=BR, O=ICP-Brasil, OU=Secretaria da Receita Federal do Brasil - RFB, CN=AC Imprensa Oficial SP RFB G4 
     Validity 
      Not Before: Sep 30 18:11:13 2016 GMT 
      Not After : Sep 30 18:11:13 2017 GMT 
     Subject: C=BR, O=ICP-Brasil, ST=SP, L=Sao Paulo, OU=Secretaria da Receita Federal do Brasil - RFB, OU=RFB e-Servidor A1, OU=AR IMPRENSA OFICIAL, CN=homologacao.nfe.fazenda.sp.gov.br 
     Subject Public Key Info: 
      Public Key Algorithm: rsaEncryption 
       Public-Key: (2048 bit) 
       Modulus: 
        00:d3:27:0b:cc:79:17:39:6f:ef:ae:13:ec:98:df: 
        0e:ff:04:1f:ee:96:e8:44:f5:79:2b:34:b3:ce:c9: 
        2d:29:c8:d1:a4:cb:fa:8c:b1:41:bb:16:45:e4:f7: 
        50:51:06:00:2d:da:4e:75:a3:c4:f5:19:b5:67:23: 
        cc:58:a5:49:de:54:17:67:5c:cd:fe:1a:56:24:12: 
        72:96:77:80:a9:9c:0a:0a:f3:d5:c3:51:7a:6f:1f: 
        c8:27:83:2d:07:dc:68:1a:d2:da:50:ca:ca:07:fc: 
        7b:11:bc:fd:a9:99:1a:6b:14:19:5c:b3:66:a6:02: 
        16:b1:83:d3:d7:4b:a7:dc:9f:6a:0a:e2:67:bd:84: 
        2f:85:a4:13:45:8a:c6:ef:1b:54:75:06:43:11:e3: 
        9b:a7:0c:ed:37:e5:5a:09:47:11:21:3d:1a:0d:93: 
        0e:89:a6:eb:e7:75:0a:8e:71:54:85:6f:ef:0e:82: 
        bc:5d:98:31:c7:02:2e:58:6f:c5:1d:ef:42:6c:fd: 
        2e:eb:09:38:ad:22:2e:f5:42:3e:57:69:0b:8a:fb: 
        c7:af:24:88:8d:8d:2c:5d:fc:ed:c0:36:62:89:71: 
        fd:b6:cd:d5:bd:60:87:ff:af:52:2d:61:70:36:b9: 
        12:2c:3a:cc:56:a3:6b:f8:46:90:09:3b:06:92:88: 
        a0:97 
       Exponent: 65537 (0x10001) 
     X509v3 extensions: 
      X509v3 Key Usage: critical 
       Digital Signature, Non Repudiation, Key Encipherment 
      Authority Information Access: 
       OCSP - URI:http://io-ocsp-icpbr.imprensaoficial.com.br 
       CA Issuers - URI:http://io-com-icpbr.imprensaoficial.com.br/repositorio/IMESPRFB/ACIMESPRFBG4.p7b 

      X509v3 Authority Key Identifier: 
       keyid:7A:54:FC:CC:9D:06:8F:79:E3:0D:44:C9:EE:E5:C3:B7:4D:4D:CB:A2 

      X509v3 Certificate Policies: 
       Policy: 2.16.76.1.2.1.20 
        CPS: http://io-com-icpbr.imprensaoficial.com.br/repositorio/IMESPRFB 

      X509v3 Basic Constraints: 
       CA:FALSE 
      X509v3 CRL Distribution Points: 

       Full Name: 
        URI:http://io-com-icpbr.imprensaoficial.com.br/repositorio/IMESPRFB/ACIMESPRFBG4.crl 

       Full Name: 
        URI:http://www.digitaltrust.com.br/repositorio/IMESPRFB/ACIMESPRFBG4.crl 

       Full Name: 
        URI:http://repositorio.icpbrasil.gov.br/lcr/IMESP/ACIMESPRFBG4.crl 

      X509v3 Subject Alternative Name: 
       DNS:homologacao.nfe.fazenda.sp.gov.br, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>, othername:<unsupported> 
      X509v3 Extended Key Usage: 
       TLS Web Client Authentication, TLS Web Server Authentication 
    Signature Algorithm: sha256WithRSAEncryption 
     ca:5d:c8:92:b5:73:2d:66:81:11:40:32:86:1d:57:96:f4:84: 
     40:72:b9:cf:60:39:1d:c5:ff:97:03:fa:f0:e3:fe:97:c8:98: 
     65:ae:ad:3e:e7:f0:66:47:43:63:9a:05:ed:79:93:f7:57:93: 
     9f:32:ab:42:ca:0f:63:40:59:b5:b4:46:e3:0b:dd:bc:b7:af: 
     ad:9f:5f:75:1c:09:66:e6:e8:66:15:a4:30:46:89:8f:b3:99: 
     7e:67:99:b6:35:cd:78:54:b7:a3:13:56:cb:1c:81:9a:fc:33: 
     64:50:ac:c2:5a:49:d1:e3:00:ec:49:3a:49:f0:80:fa:7f:f0: 
     63:c4:eb:84:8e:f2:9b:29:bd:3e:e9:44:91:eb:2b:f0:83:d4: 
     45:7b:0e:c1:5e:c1:e0:e8:c9:68:52:c9:6b:7c:4a:c3:33:67: 
     d8:e9:73:ba:51:ad:60:47:e7:15:18:af:7d:52:9a:12:26:73: 
     0e:1e:ad:b1:ee:4e:c9:9b:db:5d:ba:16:8e:57:99:a6:84:52: 
     8b:bf:b3:de:b0:a0:dc:5c:5d:2c:eb:77:09:5c:e7:ef:8b:7f: 
     3d:fa:cc:8c:76:6f:27:5b:b9:ff:4e:a0:c1:a4:96:28:15:4f: 
     c1:4c:09:25:7e:c9:f6:ee:6c:05:7d:ad:76:98:dc:f1:92:9f: 
     87:12:26:e2:93:d5:a2:bf:93:c0:13:36:7f:43:d4:4b:c0:1d: 
     d9:7f:8b:d8:71:35:8c:74:68:fa:bd:7e:b4:b7:86:96:20:e9: 
     26:56:8c:80:4c:0d:74:5d:4a:52:aa:7d:71:99:62:a8:b9:6f: 
     78:f2:2a:dc:41:ae:cb:ef:06:84:a8:2c:2d:9b:70:60:b3:cf: 
     58:1c:bf:82:3f:68:fd:10:db:26:50:d6:c1:c7:d2:7f:1a:15: 
     c5:3f:86:92:3c:e3:7d:e1:7d:9d:89:54:c1:df:66:95:9d:e7: 
     87:27:39:58:66:14:3e:de:44:9b:0b:64:57:80:df:59:0f:04: 
     9d:60:92:0d:c9:77:f5:1d:95:1c:fb:14:60:55:e2:e5:74:38: 
     28:b3:d4:87:82:69:1e:73:17:01:0b:b9:e6:cc:01:1c:04:1b: 
     ee:f9:4b:9c:89:54:4e:92:e4:9d:45:ae:c2:55:93:53:16:be: 
     3c:7c:70:b4:81:30:21:e2:25:7a:bc:b5:5a:92:dd:33:90:73: 
     79:66:5a:df:71:bb:50:60:36:42:f8:fd:0c:ea:d5:11:f7:d7: 
     1a:6d:d8:4c:ed:61:1a:34:f5:8b:98:ee:60:51:d6:f0:c9:89: 
     b3:58:96:fc:c9:44:7b:d7:9d:0b:3d:6b:6a:f5:ff:9d:f6:ad: 
     f7:8f:2d:90:32:ae:16:b9

は(証明書を追加しますかその発行者の1人)をトラストストアに送信します。サーバーの証明書のの発行者です。

Issuer: C=BR, O=ICP-Brasil, OU=Secretaria da Receita Federal do Brasil - RFB, CN=AC Imprensa Oficial SP RFB G4

あなたはwww.imprensaoficial.com.br"AC Imprensa Oficial SP RFBのG4"の発行者証明書を見つけることができるように見えます:openssl x509はそれがわかります。

出典

2017-06-10 08:03:44 jww

+0

こんにちは、ありがとうございます!私たちの証明書は信頼です、私たちはmongo接続SSLを使用するときに問題が始まりました。 – Robson

関連する問題

 関連する問題