java - 将 SSL_CLIENT_CERT 设置为文件

问题描述

对于一些自动化测试，我在 apache 反向代理上配置虚拟主机。我希望虚拟主机自动将 x509 客户端证书添加到请求中以在远程服务器上进行身份验证

我试过设置：

RequestHeader set SSL_CLIENT_CERT file('/path/to/vert.p12')

但是好像远程服务器上的tomcat实例无法读取p12文件

在某些情况下，我正在使用内置的 tomcat 实例运行 Spring Boot 应用程序。p12 文件受密码保护。

我在遥控器上的过滤器链抛出

0 WARN  org.apache.catalina.valves.SSLValve - Failed to process certificate string [-----BEGIN CERTIFICATE-----
ycert.p12')] to create a java.security.cert.X509Certificate object
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Incomplete data
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:110)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
        at org.apache.catalina.valves.SSLValve.invoke(SSLValve.java:159)
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: Incomplete data
        at sun.security.provider.X509Factory.readOneBlock(X509Factory.java:612)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:96)

标签： javaapachespring-securityhttpd.conf