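WebSphere Application Server: HTTPS connection error when an application accesses the WeChat Official Account open platform

After deploying the development package published for the WeChat Official Account open platform on WAS, calls to the HTTPS interface that had run normally under Tomcat reported the following error: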

javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed:java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error


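Cause: WAS applies a stricter SSL access mechanism, so the WeChat certificate must be imported beforehand.

Solution: import the SSL certificate of the site being accessed into WAS.

1. Open the administrative console, go to 【Security】, then 【SSL certificate and key management】;

2. Click 【Key stores and certificates】 on the right and select 【NodeDefaultTrustStore】 from the list; on the page that opens, click 【Signer certificates】 on the right;

3. On the Signer certificates page, click the 【Retrieve from port】 button above the table;

4. On the configuration page, enter Host, Port and Alias. For example, the WeChat interface URL is https://api.weixin.qq.com/.... so the host is api.weixin.qq.com, the port is 443, and the alias is set to WeixinHttps

5. Click 【Retrieve signer information】 to fetch the certificate information;

6. Once it succeeds, click 【OK】;

7. Then follow the prompt at the top to save the change to the master configuration: 【Save changes directly to master configuration】

8. Restart WAS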


Add an SSL certificate to a trust store in WebSphere Application Server by retrieving it from the port:

  1. Open the admin console and, under Security, go to SSL certificate and key management
  2. Go to Key stores and certificates > CellDefaultTrustStore > Signer certificates
  3. On the Signer certificates page, click the Retrieve from port button
  4. Enter the Host and the other information needed to import the SSL certificate
  5. Click Retrieve signer information
  6. Click OK
  7. Save changes directly to master configuration
  8. Restart WAS
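
Retrieve from port trusts whatever certificate answers on that host and port at that moment, so the fingerprint shown with the retrieved signer information should be compared with a value obtained independently before clicking OK. The following is an added example, not part of the original post: it computes the fingerprint of the certificate a server presents and checks it against an expected value. The function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl
import sys


def normalize(fp: str) -> str:
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to plain lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def fingerprint(pem: str, algorithm: str = "sha256") -> str:
    """Colon-separated digest over the DER encoding of one PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(pem: str, expected: str, algorithm: str = "sha256") -> bool:
    """True only if the certificate's fingerprint equals the expected one."""
    want = normalize(expected)
    if len(want) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("expected fingerprint has the wrong length for " + algorithm)
    return hmac.compare_digest(normalize(fingerprint(pem, algorithm)), want)


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the server's leaf certificate without validating it (needs network)."""
    return ssl.get_server_certificate((host, port))


# Constructed sample so the functions can be exercised offline: these are
# placeholder bytes wrapped in PEM armor, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # Usage: python check_fp.py api.weixin.qq.com <expected-fingerprint> [sha1|sha256]
    host, expected = sys.argv[1], sys.argv[2]
    algo = sys.argv[3] if len(sys.argv) > 3 else "sha256"
    pem = fetch_pem(host)
    print(fingerprint(pem, algo))
    sys.exit(0 if matches(pem, expected, algo) else 1)
```

This checks the leaf certificate the server presents; if the console shows a CA certificate from the chain instead, compare that certificate's fingerprint with the value the CA publishes. Run it from a network path different from the WAS host's where possible, since a matching value fetched over the same path proves little.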
