是否有可能让 Java 忽略“信任存储”而只接受它获得的任何 SSL 证书?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1219208/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is it possible to get Java to ignore the "trust store" and just accept whatever SSL certificate it gets?
提问by vy32
I am trying to write an SSL client that sends mail using the javax.mail API. The problem I am having is that the server request that I use SSL, but the server is also configured with a non-standard SSL certificate. The web pages I have found say that I need to install the certificate into the trust store. I don't want to do that (I don't have the necessary permissions.)
我正在尝试编写一个使用 javax.mail API 发送邮件的 SSL 客户端。我遇到的问题是服务器请求我使用 SSL,但服务器也配置了非标准 SSL 证书。我发现的网页说我需要将证书安装到信任库中。我不想这样做(我没有必要的权限。)
- Is there a way to get Java to just ignore the certificate error and accept it?
- Failing that, is there a way to have the trust store be local for my program, and not installed for the whole JVM?
- 有没有办法让 Java 忽略证书错误并接受它?
- 如果做不到这一点,有没有办法让我的程序的信任存储在本地,而不是为整个 JVM 安装?
采纳答案by Zed
You need to create a fake TrustManager that accepts all certificates, and register it as a manager. Something like this:
您需要创建一个接受所有证书的虚假 TrustManager,并将其注册为管理器。像这样的东西:
public class MyManager implements com.sun.net.ssl.X509TrustManager {
public boolean isClientTrusted(X509Certificate[] chain) { return true; }
public boolean isHostTrusted(X509Certificate[] chain) { return true; }
...
}
com.sun.net.ssl.TrustManager[] managers =
new com.sun.net.ssl.TrustManager[] {new MyManager()};
com.sun.net.ssl.SSLContext.getInstance("SSL").
.init(null, managers, new SecureRandom());
回答by H Marcelo Morales
Try this (answer to question 2):
试试这个(问题 2 的答案):
System.setProperty("javax.net.ssl.trustStore", "/path/to/truststore");
You can also specify this as an additional command line parameter:
您还可以将其指定为附加命令行参数:
java -Djavax.net.ssl.trustStore=/path/to/truststore <remaining arguments>
On Fedora this could be the system wide java trust store in /etc/pki/java/cacerts
在 Fedora 上,这可能是系统范围内的 Java 信任存储 /etc/pki/java/cacerts
回答by so_mv
Working code ( in jdk1.6.0_23) for #1.
#1 的工作代码(在 jdk1.6.0_23 中)。
Imports
进口
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
The actual trust all TrustManager code.
实际信任所有 TrustManager 代码。
TrustManager trm = new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[] { trm }, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
回答by Ayman Hussain
Just add -Dtrust_all_cert=trueto VM arguments. This argument tells java to ignore all certificate checks.
只需添加-Dtrust_all_cert=true到 VM 参数。此参数告诉 java 忽略所有证书检查。
回答by Navaneetha
In Command Line you can add argument -noCertificationCheckto java to ignore the certificate checks.
在命令行中,您可以-noCertificationCheck向 java添加参数以忽略证书检查。
