본문 바로가기
SERVER/STUDY

Google Recaptcha V2.0 javax.net.ssl.SSLHandshakeException https 미사용 시 처리

dy20c 2018. 5. 10. 17:57

 JDK 1.5 / Spring Framework

 WAS : JEUS / DB: MySQL / Web-Server : Webtob

 표준프레임워크 공통컴포넌트 기반


에러발생


javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

        java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted; internal cause is:

        java.security.cert.CertPathValidatorException: Certificate chaining error

        at com.ibm.jsse2.n.a(n.java:18)

        at com.ibm.jsse2.jc.a(jc.java:463)

        at com.ibm.jsse2.db.a(db.java:179)

        at com.ibm.jsse2.db.a(db.java:107)

        at com.ibm.jsse2.eb.a(eb.java:83)

        at com.ibm.jsse2.eb.a(eb.java:237)

        at com.ibm.jsse2.db.m(db.java:56)

        at com.ibm.jsse2.db.a(db.java:174)

        at com.ibm.jsse2.jc.a(jc.java:579)

        at com.ibm.jsse2.jc.g(jc.java:168)

        at com.ibm.jsse2.jc.a(jc.java:106)

        at com.ibm.jsse2.jc.startHandshake(jc.java:129)

        at com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:93)

        at com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:73)

        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:866)

        at com.ibm.net.ssl.www2.protocol.https.a.getOutputStream(a.java:23)

        at egovframework.adt.uss.olh.qna.service.impl.RecaptchaVerify.verify(RecaptchaVerify.java:45)

        at egovframework.adt.uss.olh.qna.web.EgovQnaManageController.insertQnaCn(EgovQnaManageController.java:409)

        at sun.reflect.GeneratedMethodAccessor986.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:618)

        at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)

        at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)

        at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)

        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)

        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)

        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)

        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:818)

        at jeus.servlet.engine.ServletWrapper.executeServlet(ServletWrapper.java:328)

        at jeus.servlet.filter.FilterChainImpl.internalDoFilter(FilterChainImpl.java:138)

        at jeus.servlet.filter.FilterChainImpl.doFilter(FilterChainImpl.java:90)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)

        at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:99)

        at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)

        at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

        at jeus.servlet.filter.FilterChainImpl.internalDoFilter(FilterChainImpl.java:121)

        at jeus.servlet.filter.FilterChainImpl.doFilter(FilterChainImpl.java:90)

        at egovframework.adt.cmm.filter.HTMLTagFilter.doFilter(HTMLTagFilter.java:36)

        at jeus.servlet.filter.FilterChainImpl.internalDoFilter(FilterChainImpl.java:121)

        at jeus.servlet.filter.FilterChainImpl.doFilter(FilterChainImpl.java:90)

        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

        at jeus.servlet.filter.FilterChainImpl.internalDoFilter(FilterChainImpl.java:121)

        at jeus.servlet.filter.FilterChainImpl.doFilter(FilterChainImpl.java:90)

        at jeus.servlet.engine.ServletWrapper.execute(ServletWrapper.java:204)

        at jeus.servlet.engine.WebtobRequestProcessor.run(WebtobRequestProcessor.java:201)

Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

        java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted; internal cause is:

        java.security.cert.CertPathValidatorException: Certificate chaining error

        at com.ibm.jsse2.util.f.b(f.java:43)

        at com.ibm.jsse2.util.f.b(f.java:11)

        at com.ibm.jsse2.util.e.a(e.java:10)

        at com.ibm.jsse2.yb.checkServerTrusted(yb.java:36)

        at com.ibm.jsse2.hb.checkServerTrusted(hb.java:4)

        at com.ibm.jsse2.eb.a(eb.java:180)

        ... 73 more

Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

        java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted; internal cause is:

        java.security.cert.CertPathValidatorException: Certificate chaining error

        at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:249)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:215)

        at com.ibm.jsse2.util.f.b(f.java:1)

        ... 78 more

Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted; internal cause is:

        java.security.cert.CertPathValidatorException: Certificate chaining error

        at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)

        at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)

        at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:474)

        at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:386)

        at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:332)

        at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:195)

        ... 80 more

Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error

        at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)

        at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)

        ... 85 more


https를 recaptcha Controller에서 try 부분에서 변경하면됨. 

before

 try{

URL obj = new URL(url);

HttpURLConnection con = (HttpURLConnection) obj.openConnection();




after

  try{

URL obj = new URL(url);

HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();



발생 원인은

The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted

요녀석 때문이다.


SSL 인증서가 공식적인게 아니라 문제가 좀 있다.

이 외에도 처리 방법은 많아. java -keytool을 이용해 서버에서 trust store를 만드는 방법도 있지만,

잘되던게 운영상에서 갑자기 되지 않아 급하게 처리.



저작자표시

'SERVER > STUDY' 카테고리의 다른 글

로컬환경 Eclipse+Tomcat 에서 SSL(https) 사용하기  (1) 2018.02.27
일정 및 컨텐츠  (0) 2018.01.02
접근1. 서버_웹/인터넷  (0) 2018.01.02

'SERVER/STUDY' Related Articles

티스토리툴바