[英]Java SSL connection error - Invalid keystore format
I'm creating a server and client all-in-one chat application and I'm trying to switch to an SSL connection.我正在创建一个服务器和客户端一体化聊天应用程序,我正在尝试切换到 SSL 连接。 I created a
keystore.jks
and a certificate file ( .cer
) but now when the program tries to make a connection the acting client throws:我创建了一个
keystore.jks
和一个证书文件( .cer
),但是现在当程序尝试建立连接时,代理客户端会抛出:
Caused by: java.io.IOException: Invalid keystore format
引起:java.io.IOException:无效的密钥库格式
Here is the code:这是代码:
System.setProperty("javax.net.ssl.keyStore", "certificates/keystore.jks");
System.setProperty("javax.net.ssl.trustStore", "certificates/certificate.cer");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
if (this.role == ConnectionRole.SERVER) {
connectingAlert.getJFrame().setVisible(true);
setupServer();
do {
Thread.sleep(10);
} while (socket == null);
}
if (this.role == ConnectionRole.CLIENT) {
connectingAlert.getJFrame().setVisible(true);
setupClient(targetIP);
}
private void setupServer() throws IOException {
SSLServerSocketFactory sslSrvFact = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket) sslSrvFact.createServerSocket(8080, 1);
socket = (SSLSocket) serverSocket.accept();
setupStreams();
}
private void setupClient(String IPAddress) throws IOException {
SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
socket = (SSLSocket) sslFact.createSocket("localhost", 8080);
setupStreams();
}
private void setupStreams() throws IOException {
dataOut = new ObjectOutputStream(socket.getOutputStream());
dataIn = new ObjectInputStream(socket.getInputStream());
chatInterface = ChatInterface.getInstance();
}
System.setProperty("javax.net.ssl.trustStore", "certificates/certificate.cer");
The problem is here.问题就在这里。 A .cer file is not a truststore.
.cer 文件不是信任库。 You need to import it into a real Java truststore via the
keytool
with the -trustcacerts
option.您需要通过带有
-trustcacerts
选项的keytool
将其导入到真正的 Java 信任-trustcacerts
。
BUT it isn't clear why you're using a truststore at all.但是不清楚您为什么要使用信任库。 Are you expecting peers with self-signed certificates to send them to you?
您是否希望拥有自签名证书的同行将它们发送给您? Most of the time you should just use the truststore that comes with Java, and don't set
javax.net.ssl.trustStore
at all.大多数情况下,您应该只使用 Java 附带的信任库,而根本不要设置
javax.net.ssl.trustStore
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.