1. WAS version: WebSphere ND All
2. OS: All
3. When the error occurs: CWPKI0022E: SSL handshake failure when connecting to a site that uses a certificate issued by a public CA
4. Error message:
[10. 10. 19 11:24:34:546 KST] 00000064 WSX509TrustMa E CWPKI0022E: SSL 핸드쉐이크 장애: SubjectDN "CN=*.twitter.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)10, OU=GT57932074, O=*.twitter.com, C=US, SERIALNUMBER=Zys2dJJ09EPoEVGXYtegIdxG3OZtEOib"이(가) 있는 서명자가 대상 호스트에서 전송되었습니다. 포트 "api.twitter.com:443". SSL 구성 파일 "security.xml"에서 로드된 SSL 구성 별명 "NodeDefaultSSLSettings"에 있는 로컬 트러스트 스토어 "W:/XXXX/trust.p12"에 서명자를 추가해야 합니다. SSL 핸드쉐이크 예외에서 확장 오류 메시지는 "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error"입니다.
[10. 10. 19 11:24:34:578 KST] 00000064 servlet I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [WC] [/] [/common/ErrorPage.jsp]: 초기화가 수행되었습니다.
[10. 10. 19 11:24:34:578 KST] 00000064 _ErrorPage E com.ibm._jsp._ErrorPage _jspService com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
TwitterException{statusCode=-1, retryAfter=0, rateLimitStatus=null}
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:316)
at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:68)
at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:82)
at twitter4j.Twitter.getUserTimeline(Twitter.java:320)
at com.emartmall.core.twitter.TwitterUtils.getEmartmallTimeline(TwitterUtils.java:64)
at com.ibm._jsp._CommunityTwitter._jspService(_CommunityTwitter.java:276)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:98)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1661)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1595)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:131)
at com.emartmall.frm.jsp.CatchUrl.doFilter(CatchUrl.java:496)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:895)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:932)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:500)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:121)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:239)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionProcessor.handleRequest(AbstractJSPExtensionProcessor.java:340)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3810)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1583)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:183)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.n.a(n.java:36)
at com.ibm.jsse2.sc.a(sc.java:442)
at com.ibm.jsse2.gb.a(gb.java:18)
at com.ibm.jsse2.gb.a(gb.java:205)
at com.ibm.jsse2.hb.a(hb.java:46)
at com.ibm.jsse2.hb.a(hb.java:57)
at com.ibm.jsse2.gb.n(gb.java:285)
at com.ibm.jsse2.gb.a(gb.java:146)
at com.ibm.jsse2.sc.a(sc.java:88)
at com.ibm.jsse2.sc.g(sc.java:437)
at com.ibm.jsse2.sc.a(sc.java:544)
at com.ibm.jsse2.sc.startHandshake(sc.java:124)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:48)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:39)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1044)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:385)
at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:32)
at twitter4j.internal.http.HttpResponseImpl.<init>(HttpResponseImpl.java:42)
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:279)
... 37 more
Caused by: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.e.b(e.java:101)
at com.ibm.jsse2.util.e.b(e.java:35)
at com.ibm.jsse2.util.d.a(d.java:12)
at com.ibm.jsse2.gc.a(gc.java:28)
at com.ibm.jsse2.gc.checkServerTrusted(gc.java:16)
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:358)
at com.ibm.jsse2.hb.a(hb.java:6)
... 51 more
Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.e.b(e.java:49)
... 57 more
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:732)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
... 59 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 63 more
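5. Probable cause:
When connecting to a site that uses a certificate issued by a public CA, the handshake fails because that CA's certificate is not stored in the WAS trust store.
6. Resolution:
Go to the CA's site and download the required certificate (see http://www.geotrust.com/resources/root-certificates/index.html),
store it in the WAS trust store, and then restart the WAS server; the change is then applied normally.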
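
As an added example (not part of the original post): a small Python triage script that groups multi-line SystemOut.log records and extracts from each CWPKI0022E record the target host, the trust store path, and the issuer that PKIX could not chain to. That issuer is the CA certificate to obtain, not the site's own certificate. The sample log is abridged from the record above; the function and field names are illustrative.

```python
import re

# Constructed sample: abridged from the SystemOut.log record shown on this page.
SAMPLE_LOG = '''[10. 10. 19 11:24:34:546 KST] 00000064 WSX509TrustMa E CWPKI0022E: SSL 핸드쉐이크 장애: SubjectDN "CN=*.twitter.com, O=*.twitter.com, C=US"이(가) 있는 서명자가 대상 호스트에서 전송되었습니다. 포트 "api.twitter.com:443". SSL 구성 파일 "security.xml"에서 로드된 SSL 구성 별명 "NodeDefaultSSLSettings"에 있는 로컬 트러스트 스토어 "W:/XXXX/trust.p12"에 서명자를 추가해야 합니다. SSL 핸드쉐이크 예외에서 확장 오류 메시지는 "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error"입니다.
[10. 10. 19 11:24:34:578 KST] 00000064 servlet I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [WC] [/] [/common/ErrorPage.jsp]: 초기화가 수행되었습니다.
'''

# These patterns use only the language-neutral parts of the localized message.
RECORD_START = re.compile(r'^\[[^\]]+\] [0-9a-fA-F]{8} ')
SUBJECT = re.compile(r'SubjectDN "([^"]+)"')
TARGET = re.compile(r'"([A-Za-z0-9.-]+:\d{1,5})"')
STORE = re.compile(r'"([^"]+\.(?:p12|jks|kdb))"', re.IGNORECASE)
ISSUER = re.compile(r'The certificate issued by (.+?) is not trusted')


def records(text):
    """Yield log records, keeping continuation lines (causes, frames) attached."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield "\n".join(current)
            current = []
        current.append(line)
    if current:
        yield "\n".join(current)


def _first(rx, rec):
    m = rx.search(rec)
    return m.group(1) if m else None


def triage(text):
    """Return one finding per distinct CWPKI0022E failure in the log text."""
    findings = []
    for rec in records(text):
        if "CWPKI0022E" not in rec:
            continue
        finding = {
            "target": _first(TARGET, rec),
            "trust_store": _first(STORE, rec),
            "presented_subject": _first(SUBJECT, rec),
            "missing_issuer": _first(ISSUER, rec),
        }
        if finding not in findings:  # the same failure repeats on every request
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Before adding the certificate obtained for `missing_issuer` to the trust store, compare its fingerprint with the value the CA publishes.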