Question
I am using a Java 1.7 application running on a JBoss7.0.2.Final server.
I created a REST endpoint to handle user login. This works fine, but when I call Google's recaptcha (v2) url (https://www.google.com/recaptcha/api/siteverify), I get the following error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
This was working with no errors yesterday, and there have been no changes on our server, so I suspect something might have changed on Google's end.
Question
Does anyone know why I have started to get this error today, and how I can resolve it?
More info:
I have tried building our application (mvn clean install) with the following parameters, but it makes no difference.
-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1
More Info:
If I call Google's verify endpoint directly with Postman, I don't get the handshake error:
POST https://www.google.com/recaptcha/api/siteverify?secret=seceret-key&response=rechapta
Also, if I call it from other JBoss servers we have (localhost & another environment), it does not get the handshake error.
So something must not be correct on our server.
Answer 1:
I added Google's certificate (*.google.com.cer) to the server's cacerts (at the server's JRE, e.g. /home/jboss/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64/jre/lib/security/cacerts). Restart the JBoss server.
Owner: CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
Serial number: 6e4318b8d790165c0300000000badb8a
Valid from: Tue Nov 10 16:34:43 SAST 2020 until: Tue Feb 02 16:34:42 SAST 2021
The certificate can be copied from this url: https://www.google.com/recaptcha/api/siteverify.
(see https://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed/)
Source: https://stackoverflow.com/questions/65302866/sslhandshakeexception-for-google-recaptcha
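An added diagnostic, not part of the original question or answer: run it with the same JRE that JBoss uses to see which TLS protocols and cipher suites that JVM offers, and whether a certificate imported into cacerts is present and still within its validity period. The class name `TlsClientCheck`, its three optional arguments (truststore path, password, subject filter) and the default filter `google` are assumptions made for this example; `changeit` is the stock cacerts password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name); uses only Java 7 APIs.
public class TlsClientCheck {
    public static void main(String[] args) throws Exception {
        // 1. What this JVM is able and configured to offer during a handshake.
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("https.protocols     = " + System.getProperty("https.protocols"));
        System.out.println("enabled protocols   = " + Arrays.toString(enabled.getProtocols()));
        System.out.println("supported protocols = " + Arrays.toString(supported.getProtocols()));
        System.out.println("enabled suites      = " + Arrays.toString(enabled.getCipherSuites()));

        // 2. Truststore entries whose subject matches the filter, with expiry state.
        //    Defaults are assumptions: this JRE's cacerts and the stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String needle = (args.length > 2 ? args[2] : "google").toLowerCase();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass); } finally { in.close(); }
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String subject = x.getSubjectX500Principal().getName();
            if (!subject.toLowerCase().contains(needle)) continue;
            String state = now.after(x.getNotAfter()) ? "EXPIRED" : "valid";
            System.out.println(alias + " | " + subject
                    + " | notAfter=" + x.getNotAfter() + " | " + state);
        }
    }
}
```

Comparing the output on the failing server with the output on one of the working servers shows whether the two JVMs differ in enabled protocols, cipher suites or truststore contents. The certificate listed in the answer is valid until 2 Feb 2021, so an entry imported from it is reported as EXPIRED after that date.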