java Java可以连接到通配符ssl吗
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3166373/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Can Java connect to wildcard ssl
提问by Wes
We wish to buy a wild-card SSL certificate as we have a lot of sub-domains. However I don't know if Java trusts wild-card certificates. As people connect into our API via SSL it will not be sufficient for us to force all third parties we communicate with to add our SSL certificate into their local truststore.
我们希望购买通配符 SSL 证书,因为我们有很多子域。但是我不知道 Java 是否信任通配符证书。当人们通过 SSL 连接到我们的 API 时,我们强制所有与我们通信的第三方将我们的 SSL 证书添加到他们的本地信任库中是不够的。
At the moment I'm facing a dilemma to buy a wildcard certificate from a java trusted issuer or buy multiple certs one per sub-domain.
目前,我面临着从 Java 受信任的颁发者那里购买通配符证书或为每个子域购买多个证书的两难境地。
Do other languages also have a truststore? If so does anyone know if wildcard certificates work with them also.
其他语言是否也有信任库?如果是这样,有人知道通配符证书是否也适用于他们。
采纳答案by Wes
I've attempted this with java 6.
我已经用 java 6 尝试过这个。
It appears to work correctly. I've succesfully read headers and body content from a file that had a wildcard SSL certificate.
它似乎可以正常工作。我已成功从具有通配符 SSL 证书的文件中读取标题和正文内容。
package com.example.test;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
public class SSLTEST {
public static void main(String[] args) {
try {
URL url = new URL("https://test.example.com/robots.txt");
URLConnection connection = null;
try {
connection = url.openConnection();
} catch (IOException e) {
e.printStackTrace();
}
Map<String, List<String>> fields = connection.getHeaderFields();
Iterator<Entry<String, List<String>>> headerIterator = fields.entrySet().iterator();
System.out.println("HEADERS");
System.out.println("-------------------------------");
while (headerIterator.hasNext()){
Entry<String, List<String>> header = headerIterator.next();
System.out.println(header.getKey()+" :");
Iterator<String> valueIterator = header.getValue().iterator();
while (valueIterator.hasNext()){
System.out.println("\t"+valueIterator.next());
}
}
String inputLine;
DataInputStream input = new DataInputStream(connection.getInputStream());
System.out.println("BODY CONTENT");
System.out.println("-------------------------------");
while ((inputLine = input.readLine()) != null) {
System.out.println(inputLine);
}
} catch (MalformedURLException e) {
System.err.println(e);
} catch (IOException e) {
e.printStackTrace();
}
}
}
EDITI've just recieved confirmation that this works on java 1.5
编辑我刚刚收到确认这适用于 java 1.5
回答by ZZ Coder
The default implementation in Sun's JSSE doesn't support wildcard. You need to write your own X509TrustManager to handle wildcard.
Sun 的 JSSE 中的默认实现不支持通配符。您需要编写自己的 X509TrustManager 来处理通配符。
However, Java supports SAN (Subject Alternative Names) since Java 5. If you have less than 20 names, you can get one certificate for all of them. It may be cheaper than a wildcard cert.
但是,Java 从 Java 5 开始支持 SAN(主题备用名称)。如果您的名称少于 20 个,则可以为所有名称获取一书。它可能比通配符证书便宜。
