我有一个2服务器的服务器结构:一个是带有内容的主服务器,另一个是带有Play运行的Scala服务器,用户管理包括社交登录(fb,tw,g +).两台服务器都使用相同的通配符SSL证书.
我最近将主服务器从Apache切换到nginx,由于某种原因,Scala服务器抱怨SSL不匹配(这在Apache之前从未出现过问题).
当我尝试登录时,我从Play中收到以下错误:
[error] s.c.ProviderController - Unable to log user in. An exception was thrown java.net.ConnectException: General SSLEngine problem to https://www.example.com/login/corsValid at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103) ~[async-http-client.jar:na] at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[netty.jar:na] at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:413) ~[netty.jar:na] at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[netty.jar:na] at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1417) ~[netty.jar:na] at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1293) ~[netty.jar:na] Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1290) ~[na:1.7.0_51] at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) ~[na:1.7.0_51] at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:793) ~[na:1.7.0_51] at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:761) ~[na:1.7.0_51] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_51] at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225) ~[netty.jar:na] Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_51] at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1694) ~[na:1.7.0_51] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) ~[na:1.7.0_51] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_51] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_51] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_51] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[na:1.7.0_51] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_51] at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_51] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_51] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283) ~[na:1.7.0_51] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138) ~[na:1.7.0_51] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_51] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[na:1.7.0_51] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[na:1.7.0_51] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_51] at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_51] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_51]
我追查了问题,发现application.conf
需要使用正确的SSL证书参数.我创建了一个JKS和P12证书并将其包含在conf文件中,但我仍然遇到此错误.(也许错误的道路?也试过......)
ws.ssl { trustManager = { stores = [ { path: "ssl.jks" } ] } }
但是,当我添加时,ws.acceptAnyCertificate=true
一切都很好,但这显然是一个安全漏洞,我不想做任何事情.
为什么在Play中安装SSL证书会如此痛苦?
谢谢