来自 Java 客户端的 SSL 连接
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2241068/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SSL Connection from Java client
提问by Marquinio
I'm creating a Java client program that will be sending sensitive information to a Tomcat server. So I need to use SSL Connection so information will be encrypted.
我正在创建一个 Java 客户端程序,它将向 Tomcat 服务器发送敏感信息。所以我需要使用 SSL 连接来加密信息。
I need to use self-signed untrusted certificate but having problems making connection from java client.
我需要使用自签名不受信任的证书,但在从 Java 客户端建立连接时遇到问题。
I have successfully setup Tomcat 5.5 to use SSL and tested it through Firefox, which displays warning of self-signed certificate.
我已经成功地将 Tomcat 5.5 设置为使用 SSL 并通过 Firefox 对其进行了测试,它显示了自签名证书的警告。
I followed the Tomcat 5.5 SSL setup and they mentioned to create a keystore:
我遵循了 Tomcat 5.5 SSL 设置,他们提到要创建一个密钥库:
keytool -genkey -alias tomcat -keyalg RSA
keytool -genkey -alias tomcat -keyalg RSA
Then I did an export of the above:
然后我做了上面的导出:
keytool -export -keystore .keystore -alias tomcat -file localhost.cer
keytool -export -keystore .keystore -alias tomcat -file localhost.cer
Then I did an import of the above certificate into client machine:
然后我将上述证书导入客户端机器:
keytool -import -alias tomcat -file localhost.cer -keystore "C:\Program Files"\Java\jdk1.6.0_17\jre\lib\security\cacerts"
keytool -import -alias tomcat -file localhost.cer -keystore "C:\Program Files"\Java\jdk1.6.0_17\jre\lib\security\cacerts"
But when running client I get:
但是在运行客户端时,我得到:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
线程“main”中的异常 javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效认证路径
This is the client code:
这是客户端代码:
URL url = new URL("https://localhost:8443");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
Now I just started playing with these certificates today and I'm new to keystores, so please be patient.
现在我今天才开始使用这些证书,而且我是密钥库的新手,所以请耐心等待。
Can someone please explain how to export and import the certificate created in Tomcat to client machine?
有人可以解释一下如何将在Tomcat中创建的证书导出和导入到客户端机器吗?
Thank you.
谢谢你。
回答by Thorbj?rn Ravn Andersen
Atlassian has good instructions on how to fix this.
Atlassian 对如何解决这个问题有很好的说明。
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
Another approach is to install less unforgiving certificate validators, but that should only be done as a last resort.
另一种方法是安装较少无情的证书验证器,但这只能作为最后的手段。
回答by Gladwin Burboz
Use Apache HTTP Cleintjar and follow this SSL Guide.
使用 Apache HTTP Cleintjar 并遵循此SSL 指南。
EasySSLProtocolSocketFactorycan be used to create SSL connections that allow the target server to authenticate with a self-signed certificate.
EasySSLProtocolSocketFactory可用于创建 SSL 连接,允许目标服务器使用自签名证书进行身份验证。
回答by asdf1234
I think you should input password using "changeit".
我认为您应该使用“changeit”输入密码。
