堆栈内存溢出
  简体   繁体   English

Android自签名证书:未找到证书路径的信任锚

[英]Android self signed certificate: Trust anchor for certification path not found

 原文  2013-09-23 12:48:07       android/ ssl/ certificate/ httpsurlconnection/ sslhandshakeexception

问题描述

I know this subject is discussed in many places, but after I went through almost all of them, I have decided to create my first StackOverflow question... 我知道这个主题在很多地方都有讨论,但在我经历了几乎所有这些之后,我决定创建我的第一个StackOverflow问题......

The problem is the following: 问题如下:

I want to connect to a secured webservice (https) that use a certificate to restrict the access, and a username/password to authenticate the user. 我想连接到使用证书来限制访问的安全Web服务(https),以及用于验证用户身份的用户名/密码。 So i have a client cert (p12 file) and a server cert (pem or der file). 所以我有一个客户端证书(p12文件)和一个服务器证书(pem或der文件)。 I try to use the HttpURLConnection class, because from what I've heard, Apache library will no more be supported on Android. 我尝试使用HttpURLConnection类,因为从我所听到的,Android上将不再支持Apache库。

So this is my implementations (serverCert and clientCert are the full path to my files): 所以这是我的实现(serverCert和clientCert是我的文件的完整路径): 

        // Load CAs from our reference to the file
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream caInput = new BufferedInputStream(new FileInputStream(serverCert));
        X509Certificate serverCertificate;

        try {
            serverCertificate = (X509Certificate)cf.generateCertificate(caInput);
            System.out.println("ca=" + serverCertificate.getSubjectDN());
        } finally {
            caInput.close();
        }
        Log.d(TAG, "Server Cert: " + serverCertificate);

        // Create a KeyStore containing our trusted CAs
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null);
        trustStore.setCertificateEntry("my ca", serverCertificate);

        //Load the Client certificate in the keystore
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        FileInputStream fis = new FileInputStream(clientCert);
        keyStore.load(fis,CLIENT_PASSWORD);

        // Create a TrustManager that trusts the CAs in our KeyStore
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        //Build the SSL Context
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pref.getString(Constants.clientCertificatePassword, "").toCharArray

());


    //Create the SSL context
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
...
    //And later, we use that sslContext to initiatize the socketFactory

                urlConnection = (HttpsURLConnection) requestedUrl.openConnection();
         urlConnection.setSSLSocketFactory(CertificateManager.getInstance().getSslContext().getSocketFactory());
...

So i can create my SSLContext, and display my two certificates content. 所以我可以创建我的SSLContext,并显示我的两个证书内容。 But when i try to execute my HTTPS connection, I get the following exception: 但是,当我尝试执行我的HTTPS连接时,我得到以下异常:

09-23 13:43:30.283: W/System.err(19422): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 09-23 13:43:30.283:W / System.err(19422):javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:未找到证书路径的信任锚。

Does one of you ever met the following error? 你们其中一个人是否遇到过以下错误? What was your solution? 你的解决方案是什么?

These are the website i went through (without success): 这些是我经历的网站(没有成功):

http://blog.chariotsolutions.com/2013/01/https-with-client-certificates-on.html http://blog.chariotsolutions.com/2013/01/https-with-client-certificates-on.html

http://nelenkov.blogspot.ch/2011/12/using-custom-certificate-trust-store-on.html http://nelenkov.blogspot.ch/2011/12/using-custom-certificate-trust-store-on.html

1 个解决方案

解决方案1
 1  2013-10-12 19:48:53

In your code your are creating and initializing a SSLContext but not using it. 在您的代码中,您正在创建和初始化SSLContext但不使用它。 Maybe you should replace : 也许你应该替换: 

urlConnection.setSSLSocketFactory(CertificateManager.getInstance().getSslContext().getSocketFactory());

by 通过 

urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());

I also suggest you if possible to pass the option -Djavax.net.debug=all to the JVM. 我还建议你尽可能将选项-Djavax.net.debug=all传递给JVM。 It will print detailed information about the SSL connection and handshake on the standard output. 它将在标准输出上打印有关SSL连接和握手的详细信息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Android volley自签名HTTPS信任锚,用于找不到证书路径 - Android volley self signed HTTPS trust anchor for certification path not found Xamarin Android 问题通过 HTTPS 连接到使用自签名证书的站点:“未找到证书路径的信任锚。” - Xamarin Android issue connecting via HTTPS to site with self-signed certificate: "Trust anchor for certification path not found." 未找到认证路径的信任锚。 在 android 上使用自签名客户端证书 - Trust anchor for certification path not found. Using self-signed client certificates on android android 未找到认证路径的信任锚。 我的后端没有自行分配的证书。 该怎么办? - android Trust anchor for certification path not found. My backend have not self assigned certificate. What to do? Android 4.4 上的 SSL 证书问题:未找到证书路径的信任锚 - Problem with SSL certificate on Android 4.4: Trust anchor for certification path not found 自签名证书-找不到信任锚 - Self Signed Certificate - Trust anchor not found 在OkHttp中将证书信任/列入白名单(找不到证书路径的信任锚) - Trust/whitelist a certificate in OkHttp (Trust anchor for certification path not found) Android:CertPathValidatorException:找不到证书路径的信任锚 - Android: CertPathValidatorException: Trust anchor for certification path not found Android 7:找不到认证路径的信任锚 - Android 7: Trust anchor for certification path not found webview.loadUrl()中的Android错误 - 找不到证书路径的信任锚 - Android error in webview.loadUrl() - Trust anchor for certification path not found
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM