问题描述:

CertificateManagement : Server is not trusted.Received fatal alert: handshake_failure. Now installing certificates
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

当升级BMC CLM至4.6后,调用部分webservice会出现这个问题,该问题的主要原因是:Tomcat 7 getting SSLv2Hello is disabled error when trying to make client server ssl authntication,Java 6 uses an SSLv2Hello pseudo message to encapsulate the Client Hello message. By default,
Java 7 rejects handshake requests that use the SSLv2Hello pseudo message. This is what is causing the SSL/TLS handshake to fail.

所以解决办法有两种:1修改tomcat7配置文件,允许SSLv2Hello,2修改tomcat6配置文件,禁用SSLv2Hello

解决方案1

1 修改tomcat7配置文件server.xml,修改为如下内容

<!-- 修改前 -->
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

<!--修改后 -->
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello" />

如果这些配置都在catalina.properties文件配置的话,那就需要改这个文件,不用改上面的了。

下面只是修改完成后的示例

# Connector HTTPS (SSL) enabled protocols
# Default=TLSv1,TLSv1.,TLSv1.
#
bna.connector.sslEnabledProtocols=TLSv1,TLSv1.,TLSv1.,SSLv2Hello

解决方案2

1 禁用SSLv2Hello握手协议

修改java启动选项参数。打开tomcat,在java tab页下最后一行添加如下参数:

java -Dhttps.protocols="SSLv2Hello"

如果还是不行,建议升级到同一版本吧

注意:修改前请停掉tomcat服务,修改完再启动

参考

Tomcat 7 getting SSLv2Hello is disabled error when trying to make client server ssl authntication

Certificate downloaded from cloudexpress:11443 is invalid的更多相关文章

  1. System Error Codes

    很明显,以下的文字来自微软MSDN 链接http://msdn.microsoft.com/en-us/library/windows/desktop/ms681382(v=vs.85).aspx M ...

  2. [TroubleShooting] The server network address can not be reached or does not exist

    Backtround: I'm trying to set up mirroring between two sql 2008 R2 databases on different servers in ...

  3. caddy server 默认https && http2的验证

    1. 下载     https://caddyserver.com/   注意选择应该包含的模块,此次包含了git 插件   2. 配置    使用 Caddyfile    内容如下:     ro ...

  4. Windows Error Codes

    http://www.briandunning.com/error-codes/?source=Windows Windows Error Codes List All Error Codes | S ...

  5. 配置tomcat连接器后,启动服务报错“No Certificate file specified or invalid file format"异常

    1:原来的配置是 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true&quo ...

  6. Installing Windows Identity Foundation on Windows 8 - The Certificate for the signer of the message is invalid or not found.

    Just a very quick note here, in case you’re struggling to get Windows Identity Foundation installed ...

  7. 配置CAS错误No Certificate file specified or invalid file format

    配置tomcat证书 keystore文件后启动一直报错:(tomcat版本:apache-tomcat-6.0.43) tomcat配置: <Connector port="8443 ...

  8. 解决“The remote certificate is invalid according to the validation procedure”问题

    在用HttpClient发起https请求时,遭遇了“The remote certificate is invalid according to the validation procedure”异 ...

  9. (转)The remote certificate is invalid according to the validation procedure

    If you get “The remote certificate is invalid according to the validation procedure” exception while ...

随机推荐

  1. 安卓电量优化之JobScheduler使用介绍

    版权声明:本文出自汪磊的博客,转载请务必注明出处. 一.JobScheduler概述 JobScheduler是安卓5.0版本推出的API,允许开发者在符合某些条件时创建执行在后台的任务.在Andro ...

  2. keynote 代码高亮

    brew install highlight (同时会安装 Lua 和 Boost) highlight -K 18 -s Vampire -u 'utf-8' -O rtf test.html | ...

  3. python基础的输入字符串的格式化

    name = input("name:") age = input ("age:") job = input ("job") info = ...

  4. highcharts 系统梳理笔记

    前言 highcharts最早接触它是在4年前,后来项目中很少用到图表这些东西,就算有也是用echart.他们思路都一样自己去官网上看api即可,构造数据填充节点,没有什么难点,这次是做完手上的工作然 ...

  5. AC自动机讲解

    今天花了半天肝下AC自动机,总算啃下一块硬骨头,熬夜把博客赶出来.. 正如许多博客所说,AC自动机看似很难很妙,而事实上不难,但的确很妙.笼统地说,AC自动机=Trie+KMP,但是仅仅知道这个并没有 ...

  6. NOIP2017游记

    日常大考之前感冒(这次感冒了3周..) Day -4~Day 0 停课一周,不写作业不上课是很爽,然而想到NOIP结束第二天就要期中考.. 在学校刷刷题,跟着一大堆大佬的步伐,做着一大堆大佬的题目(其 ...

  7. 【JavaScript声明变量的规则】

    <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title> ...

  8. bzoj:4105: [Thu Summer Camp 2015]平方运算

    Description   Input 第一行有三个整数N,M,p,分别代表序列的长度.平方操作与询问操作的总次数以及在平方操作中所要模的数.   接下来一行N个数代表一开始的序列{X1,X2,... ...

  9. HDU 1312 Red and Black(DFS,板子题,详解,零基础教你代码实现DFS)

    Red and Black Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Others) To ...

  10. 51 Nod 1028 大数乘法 V2【Java大数乱搞】

    1028 大数乘法 V2 基准时间限制:2 秒 空间限制:131072 KB 分值: 80 难度:5级算法题 给出2个大整数A,B,计算A*B的结果. Input 第1行:大数A 第2行:大数B (A ...