我正在尝试获取远程服务器的证书,然后我可以使用它来添加到我的密钥库并在我的java应用程序中使用.
一位资深开发者(节假日:())告诉我,我可以运行这个:
openssl s_client -connect host.host:9999
要获取原始证书,我可以将其复制并导出.我收到以下输出:
depth=1 /C=NZ/ST=Test State or Province/O=Organization Name/OU=Organizational Unit Name/CN=Test CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
23177:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
23177:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
我也试过这个选项
-showcerts
而这一个(在debian上运行你的头脑)
-CApath /etc/ssl/certs/
但得到同样的错误.
这个消息来源说我可以使用那个CApath标志,但它似乎没有帮助.我尝试了多条路径无济于事.
请让我知道我哪里出错了.
我正在使用Jersey Client库对运行在jboss上的休息服务运行测试.我使用自签名证书在服务器上运行https(在localhost上运行).
但是每当我使用https url运行测试时,我都会收到以下错误:
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
at com.sun.jersey.api.client.Client.handle(Client.java:629)
at com.sun.jersey.oauth.client.OAuthClientFilter.handle(OAuthClientFilter.java:137)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:601)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:459)
at test.helper.Helper.sendSignedRequest(Helper.java:174)
... And so on
我知道这是因为我的自签名证书不在java密钥库中.我有什么方法可以Client不检查ssl证书的有效性,并且无论如何都使用它?
此代码将仅针对测试服务器运行,因此我不想在每次设置新测试服务器时都不必添加新的可信证书.
这是拨打电话的代码:
OAuthParameters params = new OAuthParameters();
// baseline OAuth parameters for access to resource
params.signatureMethod(props.getProperty("signature_method"));
params.consumerKey(props.getProperty("consumer_key"));
params.setToken(props.getProperty("token"));
params.setVersion("1.0");
params.nonce();
// OAuth secrets to access resource
OAuthSecrets secrets = new OAuthSecrets();
secrets.consumerSecret(props.getProperty("consumer_secret"));
secrets.setTokenSecret(props.getProperty("token_secret"));
// Jersey client to make …此代码连接到HTTPS站点,我假设我没有验证证书.但为什么我不必在本地为该网站安装证书?我不应该在本地安装证书并为此程序加载它还是在封面下载?客户端到远程站点之间的流量是否仍然在传输中加密?
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class TestSSL {
public static void main(String[] args) throws Exception {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
} …