在Java程序中使用浏览器的证书
Arv*_*ind 5 java ssl google-chrome httpurlconnection ssl-certificate
我正在尝试使用Java中的HttpURLConnection发出HTTP GET请求。当我开始使用浏览器时,它说我的证书不受信任,您要继续吗?我接受证书,并且GET请求获取数据。但是我在java中获得证书异常(下面给出)
我从该异常中了解到的是,在发出GET请求之前,我需要下载该证书并放置此java系统属性。
我的问题是。
- 如何从浏览器下载此证书?
- 我可以在我的Java程序中使用浏览器的证书存储,使用它需要知道些什么?
- 如果我想在密钥库中安装证书,那该怎么办?
非常感谢 :)
我正在尝试使用keytool命令下载证书。我不知道证书存储在服务器中的位置,但是我给出了我在浏览器中使用的服务器的路径,浏览器说证书不受信任。
URL gatewayServiceUrl = new URL("http://192.168.55.179:56400/nwa");
HttpURLConnection connection = (HttpURLConnection) gatewayServiceUrl.openConnection();
connection.setRequestMethod("GET");
connection.setRequestProperty("Authorization", getExample.getBasicAuth());
connection.connect();
if (HttpURLConnection.HTTP_OK == connection.getResponseCode()) {
System.out.println("success");
System.out.println(getExample.getDataFromStream(connection.getInputStream()));
} else {
System.out.println("success");
System.out.println(getExample.getDataFromStream(connection.getErrorStream()));
}
System.out.println(connection.getResponseCode());
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.testweb.GetExample.main(GetExample.java:18)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
您必须将服务器证书的颁发者 CA(或直接添加服务器证书,例如您的 cds 是自签名的)到信任库,以避免 PKIX 路径构建器异常。
默认情况下,java 信任库位于 JAVA_HOME/jre/lib/security/cacerts(您可以使用 javax.net.ssl.trustStore 属性指定另一个信任库)。
为此,首先下载服务器证书。您可以下载服务器证书,例如 Chrome 连接到服务器 url 并单击绿色锁,然后选择选项卡连接并单击证书信息:
然后将此证书保存在光盘上。
现在您必须将此证书添加到 java 信任库,您可以使用 java keytool 来完成(如果在您的路径中,则使用 keytool 如果不是 keytool 在 JAVA_HOME/bin/keytool 上):
keytool -import -trustcacerts -alias myServerCertificate -file path/myServerCert.crt -keystore JAVA_HOME/jre/lib/security/cacerts
cacerts 的默认密码是:changeit
希望这可以帮助,
| 归档时间: |
|
| 查看次数: |
11699 次 |
| 最近记录: |