While I've been familiar with HTTPS and the concept of SSL, I have recently begun some development and found I am a little confused.

虽然我已经熟悉 HTTPS 和 SSL 的概念，但我最近开始了一些开发，发现我有点困惑。

The requirement was that I write a small Java application that runs on a machine attached to a scanner. When a document is scanned this is picked up and the file (usually PDF) sent over the internet to our application server that will then process it. I've written the application using Apache Commons libraries and HTTPClient.

要求是我编写了一个小型 Java 应用程序，该应用程序在连接到扫描仪的机器上运行。当文档被扫描时，它会被拾取，文件（通常是 PDF）通过互联网发送到我们的应用程序服务器，然后我们将对其进行处理。我已经使用 Apache Commons 库和 HTTPClient 编写了应用程序。

The second requirement was to connect over SSL, requiring a certificate. Following guidance on the HTTPclient page I am using AuthSSLProtocolSocketFactory from the contributions page.

第二个要求是通过 SSL 连接，需要证书。按照 HTTPclient 页面上的指导，我正在使用来自贡献页面的 AuthSSLProtocolSocketFactory。

The constructor can take a keystore, keystore password, truststore and truststore password. As an initial test our DBA enabled SSL on one of our development webservers and provided me with a .p12 file which when I imported into IE allows me to connect successfully.

构造函数可以采用密钥库、密钥库密码、信任库和信任库密码。作为初始测试，我们的 DBA 在我们的一个开发网络服务器上启用了 SSL，并为我提供了一个 .p12 文件，当我导入到 IE 时，我可以成功连接。

I am a bit confused between keystores and truststores and what steps I need to take using the keytool. I tried importing the p12 into a keystore file but get the error:

我对密钥库和信任库以及使用 keytool 需要采取的步骤有些困惑。我尝试将 p12 导入密钥库文件，但出现错误：

keytool error: java.lang.Exception: Input not an X.509 certificate

I followed a suggestion of importing the p12 into Internet Explorer and exporting as a .cer which I can then successfully import into a keystore. When I supply this as a keystore argument of the AuthSSLProtocolSocketFactory I get a meaningless errror, but if I try it as a truststore it seems like it reads it fine but ultimately I get

我遵循了将 p12 导入 Internet Explorer 并导出为 .cer 的建议，然后我可以成功导入到密钥库中。当我将它作为 AuthSSLProtocolSocketFactory 的密钥库参数提供时，我得到一个毫无意义的错误，但是如果我将它作为信任库尝试，它似乎可以很好地读取它，但最终我得到了

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

I am unsure if I have missed some steps, I am misunderstanding SSL and mutual authentication altogether or this is mis-configuration on the server side.

我不确定我是否遗漏了一些步骤，我完全误解了 SSL 和相互身份验证，或者这是服务器端的错误配置。

Can anyone provide suggestions or point me towards resources that might help me figure this out please?

任何人都可以提供建议或指向我可以帮助我解决这个问题的资源吗？