问题
When attempting a file upload to an Alfresco Server using ssl the server logs show no errors. The below error can be pulled from the clients logs.
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Certificates have been checked, and are valid. From this error is it possible to tell if the error is occuring on the server or client side of the ssl handshake?
I would assume that it is client side since the server shows no log entries but am not confident in my answer. Could it be that the client has an invalid certificate for the server, and it needs to be reimported as a trusted source?
New information:
The javadoc for SSLPeerUnVerifedException mentions that "the peer was not able to identify itself.". So I am led to believe that my guess stands that something needs to be addressed on the client machine?
I am unsure if this kind of question belongs here or on Serverfault, but feel free to vote to move.
I have also floated the question over on ServerFault in a different fashion.
回答1:
Alfresco does not ship a trusted (!=valid) certificate and the only SSL based communication used out of the box is between the repository and solr (since alfresco 4.0).
Nevertheless, the symptoms pretty much look like the client does not accept an untrusted certificate presented by the server. Validity (as in expiration date) is a different story.
Anyways, the fairly commonly used apache httpclient has to be "prepared" to accept and work with untrusted certificates. You should definitely check http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html if you are using it. Usually, you only import untrusted certificates. I don't know any reason to import trusted ones.
来源:https://stackoverflow.com/questions/9196265/sslpeerunverifiedexception-during-attempted-upload