javax.net.ssl.SSLHandshakeException: General SSLEngine problem

728x90

ssl 인증서 에러 발생했다. 해결 방법은 인증서를 생성하여 로컬에 설치했다.

error :

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) ~[?:1.8.0_212-1-ojdkbuild]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_212-1-ojdkbuild]
	at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1343) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510) ~[netty-codec-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449) ~[netty-codec-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279) ~[netty-codec-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496) ~[netty-transport-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[netty-common-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.78.Final.jar:4.1.78.Final]
	at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_212-1-ojdkbuild]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_212-1-ojdkbuild]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_212-1-ojdkbuild]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	... 21 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.validator.Validator.validate(Validator.java:262) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_212-1-ojdkbuild]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_212-1-ojdkbuild]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_212-1-ojdkbuild]
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.validator.Validator.validate(Validator.java:262) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_212-1-ojdkbuild]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_212-1-ojdkbuild]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_212-1-ojdkbuild]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395) ~[netty-handler-4.1.78.Final.jar:4.1.78.Final]
	... 21 more

해결 : 처음에 인증서를 생성해주는 InstallCert.java 파일을 다운 받고 진행한다.

InstallCert.java 컴파일
%JAVA_HOME%\bin\javac [workspace]\InstallCert.java

도메인에서 인증서를 로컬 pc에 저장한다
java InstallCert [허용할 도메인명]

결과 메세지 >>> jssecacerts 파일 생성 => Added certificate to keystore 'jssecacerts' using alias [허용할 도메인명]


인증서 추출
%JAVA_HOME%\bin\keytool -exportcert -keystore jssecacerts -storepass changeit -file output.cert -alias [허용할 도메인명]

인증서 설치
%JAVA_HOME%\bin\keytool -importcert -keystore %JAVA_HOME%\jre\lib\security\cacerts -storepass changeit -file output.cert -alias [허용할 도메인명]

자바홈의 jre에 있는 인증서를 삭제(삭제할 인증서가 있다면)
%JAVA_HOME%\bin\keytool -delete -alias [허용할 도메인명] -keystore %JAVA_HOME%\jre\lib\security/cacerts

인증서 리스트 확인
%JAVA_HOME%\bin\keytool -list -keystore %JAVA_HOME%\jre\lib\security/cacerts -storepass changeit -alias [허용할 도메인명]

도움 받은 블로그 목록

https://hulint.tistory.com/19

java 인증서 추가 방법

참고 : http://lesstif.com/pages/viewpage.action?pageId=12451848 PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 톰캣에서 https 호출시에 위와 같

hulint.tistory.com

https://m.blog.naver.com/toy_ssl/110168927395

[SSL/keytool] keystore 인증서 추가/삭제

1. keystore 인증서 추가 - keystore에 인증서를 추가할 때에는 아래와 같은 명령어를 사용한다. keytool -...

blog.naver.com

https://www.ibm.com/docs/ko/urbancode-deploy/6.2.0?topic=configuration-changing-passwords-server-keystore

서버 키 저장소의 비밀번호 변경

서버에 대한 Java™ 키 저장소 비밀번호를 변경할 수 있습니다. 이 태스크 정보 서버 Java 키 저장소 비밀번호는 해당 인증서 비밀번호와 동일해야 합니다. 서버 키 저장소 비밀번호 및 인증서 비

www.ibm.com

https://zeddios.tistory.com/41

JAVA ) 오류: 기본 클래스 ...을(를) 찾거나 로드할 수 없습니다.

안녕하세요! 오늘은 무시무시한 오류.. 오류: 기본 클래스 ...을(를) 찾거나 로드할 수 없습니다.에 대해서 알아보려고 해요! 사실 이 전글에서 컴파일 하는데도 이 오류때문에..한참을 헤맸답니

zeddios.tistory.com

728x90

저작자표시 (새창열림)

'BACKEND > error' 카테고리의 다른 글

개발자 공급 과잉과 경기 침체 속에서 취업하기(feat.현재 상황 error 404) (1)	2025.04.06
Spring Boot 에서 CORS 설정시 addAllowedOrigin에러 (0)	2022.08.24
빈 생성 에러 Consider defining a bean of type~ (0)	2022.08.12
IntelliJ cannot resolve symbol.. 에러 해결 (0)	2021.12.09

'BACKEND > error' 카테고리의 다른 글

티스토리툴바