
Resolving ValidatorException and other certificate-related errors in Java

by cbwstar 2023. 5. 10.

/* How to handle errors in Java when using a private certificate issued for an IP address */

/* Generate the Java certificate */

c:\dataworks>keytool -genkey -alias dataworks -keyalg RSA -storetype PKCS12 -keystore keystore_local.p12 -validity 100000

 

키 저장소 비밀번호 입력:

새 비밀번호 다시 입력:

이름과 성을 입력하십시오.

  [Unknown]:  192.168.4.13

조직 단위 이름을 입력하십시오.

  [Unknown]:  org

조직 이름을 입력하십시오.

  [Unknown]:  local

//시 이름을 입력하십시오?

  [Unknown]:  Seoul

/도 이름을 입력하십시오.

  [Unknown]:  Seoul

이 조직의 두 자리 국가 코드를 입력하십시오.

  [Unknown]:  KR

CN=192.168.4.13, OU=org, O=local, L=Seoul, ST=Seoul, C=KR() 맞습니까?

  [아니오]:  y

 

 

/* After applying the key and starting the site that uses the certificate, add the trust information on the Java side */

Download the Java source and compile it

curl -O https://gist.githubusercontent.com/lesstif/cd26f57b7cfd2cd55241b20e05b5cd93/raw/InstallCert.java

 

/* Compile */

javac InstallCert.java

 

 

c:\dataworks>java -cp ./ InstallCert 192.168.4.13:29001

Loading KeyStore jssecacerts...

Opening connection to 192.168.4.13:29001...

Starting SSL handshake...

 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alert.createSSLException(Alert.java:131)

        at sun.security.ssl.TransportContext.fatal(TransportContext.java:353)

        at sun.security.ssl.TransportContext.fatal(TransportContext.java:296)

        at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)

        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)

        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)

        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)

        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)

        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)

        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279)

        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)

        at InstallCert.main(InstallCert.java:116)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)

        at sun.security.validator.Validator.validate(Validator.java:271)

        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)

        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:232)

        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:109)

        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:199)

        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1255)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)

        ... 12 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)

        ... 20 more

 

Server sent 1 certificate(s):

 

 1 Subject CN=192.168.4.13, OU=invako, O=local, L=Seoul, ST=Seoul, C=KR

   Issuer  CN=192.168.4.13, OU=invako, O=local, L=Seoul, ST=Seoul, C=KR

   sha1    dd ea 21 35 4c ec d2 09 8e bf 30 c6 86 fc 4e 21 24 63 7a d9

   md5     2c 5b f1 83 a3 37 f0 28 33 7d d7 4d 0a 8f ff e6

 

Enter certificate to add to trusted keystore or 'q' to quit: [1]

 

/* Select number 1 */

1

[

[

  Version: V3

  Subject: CN=192.168.4.13, OU=invako, O=local, L=Seoul, ST=Seoul, C=KR

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

 

  Key:  Sun RSA public key, 2048 bits

  params: null

  modulus: 16457448100647164241071155444616913976411841231360055635964663500951534257361352251817753814067086243362725546157976108748339723548638218917907115101535854400388071034841734935680415196318935164019386711996355397449290341665715202509757412410214540157718782944119128275156908960345986162763859853091843403921677312393478946928671217172743709408460094821501427501493071566231375109759266558106325751301098989354752556529617328567110938452633189919854700293523897695056068621225009316760698829040822578325778953459284194828965548546776667162845017020357188086220086680906358197462535912291315478170487615014061386513711

  public exponent: 65537

  Validity: [From: Wed May 10 14:01:59 KST 2023,

               To: Mon Feb 22 14:01:59 KST 2297]

  Issuer: CN=192.168.4.13, OU=invako, O=local, L=Seoul, ST=Seoul, C=KR

  SerialNumber: [    7466b57b]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: D3 10 6F 42 FA 7C A9 AE   C8 6B 0C 05 67 00 D6 E2  ..oB.....k..g...

0010: 86 8B 68 55                                        ..hU

]

]

 

]

  Algorithm: [SHA256withRSA]

  Signature:


 

]

 

Added certificate to keystore 'jssecacerts' using alias '192.168.4.13-1'

 

 

c:\dataworks>

 

/* Create the certificate file */

/* Enter the same alias name as the one created above */

keytool -exportcert -keystore jssecacerts -storepass changeit -file output.cert -alias 192.168.4.13-1

 

/* Register the certificate with Java */

keytool -importcert -keystore c:/jdk1.8.0_271/jre/lib/security/cacerts -storepass changeit -file output.cert -alias 192.168.4.13-1

 

/* If an error occurs because the alias is already registered, delete it and then register again */

keytool -delete  -keystore c:/jdk1.8.0_271/jre/lib/security/cacerts -storepass changeit  -alias 192.168.4.13-1

 

 

c:\dataworks>keytool -exportcert -keystore jssecacerts -storepass changeit -file output.cert -alias 192.168.4.13-1

인증서가 <output.cert> 파일에 저장되었습니다.

 

c:\dataworks>keytool -importcert -keystore c:/jdk1.8.0_271/jre/lib/security/cacerts -storepass changeit -file output.cert -alias 192.168.4.13-1

keytool 오류: java.lang.Exception: 인증서가 임포트되지 않았으며 <192.168.4.13-1> 별칭이 존재합니다.

 

c:\dataworks>keytool -delete  -keystore c:/jdk1.8.0_271/jre/lib/security/cacerts -storepass changeit  -alias 192.168.4.13-1

 

c:\dataworks>keytool -importcert -keystore c:/jdk1.8.0_271/jre/lib/security/cacerts -storepass changeit -file output.cert -alias 192.168.4.13-1

소유자: CN=192.168.4.13, OU=invako, O=local, L=Seoul, ST=Seoul, C=KR

발행자: CN=192.168.4.13, OU=invako, O=local, L=Seoul, ST=Seoul, C=KR

일련 번호: 7466b57b

적합한 시작 날짜: Wed May 10 14:01:59 KST 2023 종료 날짜: Mon Feb 22 14:01:59 KST 2297

인증서 지문:

         SHA1: DD:EA:21:35:4C:EC:D2:09:8E:BF:30:C6:86:FC:4E:21:24:63:7A:D9

         SHA256: B5:A7:E3:B2:9A:5B:69:36:41:EA:F4:63:BB:DC:5F:6D:02:72:21:30:10:17:E7:AC:F7:03:06:51:38:CC:B5:23

서명 알고리즘 이름: SHA256withRSA

주체 공용 키 알고리즘: 2048비트 RSA

버전: 3

 

확장:

 

#1: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: D3 10 6F 42 FA 7C A9 AE   C8 6B 0C 05 67 00 D6 E2  ..oB.....k..g...

0010: 86 8B 68 55                                        ..hU

]

]

 

이 인증서를 신뢰합니까? [아니오]:  y

인증서가 키 저장소에 추가되었습니다.

 

/* Check whether the certificate has been registered */

java -cp ./ InstallCert 192.168.4.13:29001

 

/* Restart the server */

 

/* After registering the certificate, restart the server, then connect and verify */

curl -v -k https://192.168.4.13:27003/dataworks

 

c:\dataworks>curl -v -k https://192.168.4.13:27003/dataworks

*   Trying 192.168.4.13:27003...

* Connected to 192.168.4.13 (192.168.4.13) port 27003 (#0)

* schannel: disabled automatic use of client certificate

* schannel: using IP address, SNI is not supported by OS.

* ALPN: offers http/1.1

* ALPN: server did not agree on a protocol. Uses default.

* using HTTP/1.x

> GET /dataworks HTTP/1.1

> Host: 192.168.4.13:27003

> User-Agent: curl/8.0.1

> Accept: */*

>

< HTTP/1.1 200

< Date: Wed, 10 May 2023 05:48:30 GMT

< Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8

< Transfer-Encoding: chunked

<

{"_links":{"self":{"href":"https://192.168.4.13:29001/dataworks","templated":false},"health":{"href":"https://192.168.4.13:29001/dataworks/health","templated":false},"health-component":{"href":"https://192.168.4.13:29001/dataworks/health/{component}","templated":true},"health-component-instance":{"href":"https://192.168.4.13:29001/dataworks/health/{component}/{instance}","templated":true}}}* Connection #0 to host 192.168.4.13 left intact

 

c:\dataworks>

/* Normal connection confirmed */
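
/* Added example, not part of the original post */

The Java program below checks the exported certificate before it is trusted, then performs a fully validated handshake using a trust store that holds only that certificate, so the JDK-wide cacerts is not modified; unlike `curl -k`, which skips certificate validation, it fails if the certificate is not the expected one. The class name PinnedTrustCheck and the argument order are assumptions of this example, and the fingerprint argument is the SHA-256 value read on the server itself (for instance with `keytool -list -v -keystore keystore_local.p12`). Java checks an IP address only against a subjectAltName iPAddress entry, so a certificate whose only extension is SubjectKeyIdentifier, like the one shown above, stops at the SAN check; one generated with keytool's `-ext san=ip:192.168.4.13` passes.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.*;

// Added example. Assumed usage: java PinnedTrustCheck output.cert <SHA-256 read on the server> 192.168.4.13 29001
public class PinnedTrustCheck {
    static String sha256(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }

    // subjectAltName entries are [type, value] pairs; type 7 is iPAddress
    static boolean hasIpSan(X509Certificate cert, String ip) throws Exception {
        if (cert.getSubjectAlternativeNames() == null) return false;
        for (List<?> san : cert.getSubjectAlternativeNames())
            if (Integer.valueOf(7).equals(san.get(0)) && ip.equals(san.get(1))) return true;
        return false;
    }

    public static void main(String[] a) throws Exception {
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream(a[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        if (!sha256(cert).equalsIgnoreCase(a[1]))   // compare with the value obtained out of band
            throw new SecurityException("fingerprint mismatch, got " + sha256(cert));
        if (!hasIpSan(cert, a[2]))                  // Java matches IP literals against SAN only, not CN
            throw new SecurityException("no iPAddress SAN for " + a[2]);
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);                        // empty in-memory store; cacerts stays untouched
        ts.setCertificateEntry("pinned", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(a[2], Integer.parseInt(a[3]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");   // enforce the name/IP check during the handshake
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("Validated handshake with " + s.getSession().getPeerPrincipal());
        }
    }
}
```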
