各位大家好:
我使用websphere版本是6.1.0
最近用想jmx实现websphere的监听,但是在使用PKCS证书连接的时候报错了:
2012-9-12 17:52:31 com.ibm.websphere.management.AdminClientFactory
WARNING: ADMC0046W
2012-9-12 17:52:31 com.ibm.ws.management.connector.interop.JMXClassLoader
WARNING: Could not find tmx4jTransform.jar in null/etc/tmx4jTransform.jar - Interoperability to older versions of WebSphere is disabled
2012-9-12 17:52:31 com.ibm.ws.ssl.config.SSLConfigManager
INFO: ssl.disable.url.hostname.verification.CWPKI0027I
com.ibm.websphere.management.exception.AdminException: com.ibm.websphere.management.exception.ConnectorException:
ADMC0053E: 启用 SOAP 连接器安全性时,系统无法创建连接到端口 8880 上的主机 localhost 的 SOAP 连接器。
at test.JmxStat.getAdminClient(JmxStat.java:278)
at test.JmxStat.main(JmxStat.java:85)
Caused by: com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: 启用 SOAP 连接器安全性时,
系统无法创建连接到端口 8880 上的主机 localhost 的 SOAP 连接器。
at com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFactory.java:485)
at test.JmxStat.getAdminClient(JmxStat.java:275)
... 1 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFactory.java:340)
... 2 more
Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client;
msg=Error opening socket: javax.net.ssl.SSLException: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty;
targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty]
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:343)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.
(SOAPConnectorClient.java:176)
... 7 more
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty; targetException=java.lang.IllegalArgumentException:
Error opening socket: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
at org.apache.soap.transport.http.SOAPHTTPConnection.send(Unknown Source)
at org.apache.soap.rpc.Call.invoke(Unknown Source)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient$4.run(SOAPConnectorClient.java:316)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:301)
... 8 more
我使用自己生成的JKS证书时没有出现任何问题,求知道错误的帮忙看看,另外我的pkcs证书也是自己使用iKeyman生成的,以下是我的程序代码:
public static AdminClient getAdminClient() {
//pkcs12
keystorePath = "c:/test/test1/key.p12";
truststorePath = "c:/test/test1/trust.p12";
//jks
//keystorePath = "c:/test/key.jks";
//truststorePath = "c:/test/trust.jks";
System.setProperty("javax.net.debug","ssl");
Properties props= new Properties();
props.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP);
props.setProperty(AdminClient.CONNECTOR_HOST, "localhost");
props.setProperty(AdminClient.CONNECTOR_PORT, "8880");
props.setProperty(AdminClient.USERNAME, "admin");
props.setProperty(AdminClient.PASSWORD, "admin");
props.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");
props.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
props.setProperty("com.ibm.ssl.trustStoreFileBased", "true");
if(keystorePath.endsWith(".p12")){
props.setProperty("com.ibm.ssl.keyStoreType", "PKCS12");
props.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
}else{
props.setProperty("com.ibm.ssl.keyStoreType", "JKS");
props.setProperty("javax.net.ssl.keyStoreType", "JKS");
}
props.setProperty("com.ibm.ssl.keyStore", keystorePath);
props.setProperty("com.ibm.ssl.keyStorePassword", password);
props.setProperty("javax.net.ssl.keyStore", keystorePath);
props.setProperty("javax.net.ssl.keyStorePassword", password);
if(truststorePath.endsWith(".p12")){
props.setProperty("com.ibm.ssl.trustStoreType", "PKCS12");
props.setProperty("javax.net.ssl.trustStoreType", "PKCS12");
}else{
props.setProperty("com.ibm.ssl.trustStoreType", "JKS");
props.setProperty("javax.net.ssl.trustStoreType", "JKS");
}
props.setProperty("javax.net.ssl.trustStore", truststorePath);
props.setProperty("javax.net.ssl.trustStorePassword", password);
props.setProperty("com.ibm.ssl.trustStore", truststorePath);
props.setProperty("com.ibm.ssl.trustStorePassword", password);
AdminClient ac = null;
try {
ac = AdminClientFactory.createAdminClient(props);
}
catch(Exception ex) {
new AdminException(ex).printStackTrace();
System.out.println("getAdminClient: exception");
}
return ac;
}收起