javax.net.ssl.SSLKeyException: [Security:090477] 从 intranet.xxx.com 收到的证书链
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20217617/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from intranet.xxx.com
提问by NightsWatch
javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from intranet.xxx.com - 158.171.160.28 was not trusted causing SSL handshake failure.
javax.net.ssl.SSLKeyException: [Security:090477] 从 intranet.xxx.com 收到的证书链 - 158.171.160.28 不受信任,导致 SSL 握手失败。
I am trying to fetch contents as html page from one intranet website using weblogic. While connecting to the website I am getting javax.net.ssl.SSLKeyException: [Security:090477] exception. Where as with the same peice of code I am able to acheive the required using a main class. Please advice on this.
我正在尝试使用 weblogic 从一个 Intranet 网站以 html 页面的形式获取内容。连接到网站时,我收到 javax.net.ssl.SSLKeyException: [Security:090477] 异常。与相同的代码一样,我可以使用主类实现所需的功能。请就此提出建议。
public class Test{
public static void main(String[] args) {
String[] lines = null;
try {
// configure the SSLContext with a TrustManager
SSLContext ctx = null;
try {
ctx = SSLContext.getInstance("TLS");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
} catch (KeyManagementException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
SSLContext.setDefault(ctx);
String url = "https://www.google.com"
Document doc = Jsoup.connect(url).get();
Elements elements = doc.getElementById("table_UniqueReportID").children();
for(Element element : elements)
{
System.out.println(element.nodeName());
if(element.nodeName().equalsIgnoreCase("tbody"))
{
Elements rowElements = element.children();
for(Element currentRow : rowElements)
{
System.out.println(currentRow.text());
}
}
}
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private static class DefaultTrustManager implements X509TrustManager {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// TODO Auto-generated method stub
}
}
}
采纳答案by Tatarao Vana
you need to import the certificate into keystore and signers to java cacerts as well.
您还需要将证书导入密钥库并将签名者导入 java cacerts。
And make sure certificate common name is same as your serever name.
并确保证书通用名称与您的服务器名称相同。
For example..if you see SBI online banking certificate then it's common name is something like
例如..如果您看到 SBI 网上银行证书,那么它的通用名称类似于
CN = www.onlinesbi.com
CN = www.onlinesbi.com
We should have to import the certificate into keystore to work.
我们应该必须将证书导入密钥库才能工作。
