在 Java 中禁用 SSL 证书验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/54516557/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Disable SSL certificate validation in Java
提问by Tobias
How can I disable certificate validation in java 8. I am trying to use https to connect to an other server but I keep getting this error:
如何在 Java 8 中禁用证书验证。我正在尝试使用 https 连接到其他服务器,但我不断收到此错误:
Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)
I tried to fix it by using -Dcom.sun.net.ssl.checkRevocation=falsewhich i found here.
I also tried adding my own certificate to the pool using Java Keytool. Both ideas didn't change anything. The problem might be that I generated my own certificate with openssl. That cant be signed by anyone which my result in the error.
我试图通过使用-Dcom.sun.net.ssl.checkRevocation=false我在这里找到的来修复它。我还尝试使用 Java Keytool 将我自己的证书添加到池中。这两个想法都没有改变任何东西。问题可能是我用 openssl 生成了自己的证书。这不能由我导致错误的任何人签名。
It would be nice if I could simply disable SSL checks for testing purposes only. In a production scenario I will have a signed certificate.
如果我可以简单地禁用 SSL 检查仅用于测试目的,那就太好了。在生产场景中,我将拥有一个签名证书。
采纳答案by Prasann
It is not advised to disable certificate validation unless it is only for testing purposes. How are you invoking the service in the first place?
除非仅用于测试目的,否则不建议禁用证书验证。您首先如何调用该服务?
If you are using Apache HttpClient:
如果您使用的是 Apache HttpClient:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();
If you are using HttpsURLConnection:
如果您使用的是 HttpsURLConnection:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
