Java Open HttpsUrlConnection with pfx Certificate

I am trying to connect to a secure web server programmatically. I have the pfx certificate used to access the server and can access it via the browser. However, I get the following error:

java.security.cert.CertificateException: No subject alternative names present

This is the code I am using:

import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Client identity (private key + certificate) loaded from the PFX file
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("path/to/pfxFile"), "mypassword".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "mypassword".toCharArray());

// Trust anchors used to validate the server's certificate chain
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream("path/to/cacerts"), "changeit".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(),
                new SecureRandom());

URL url = new URL("https://XXX.XXX.XXX.XXX/MyWebService");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(sslContext.getSocketFactory());
connection.setRequestProperty("Content-Type", "text/xml");
connection.setRequestMethod("GET");
connection.setConnectTimeout(120000);
connection.connect();

I managed to find a workaround for that error by putting the following directly before the openConnection call:

HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("XXX.XXX.XXX.XXX"));

Only to give me:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I couldn't find any resolutions for this issue. I've tried exporting the cert and adding it to cacert via keytool, but it doesn't help and I'm out of ideas. Any help is appreciated.

So, it turns out that I just needed to download the server certificate and add it to cacert, instead of using the pkcs12 file.
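
The split described in the answer, as an added example that is not part of the original post: the PFX supplies only the client identity, while the server's certificate is the trust anchor. This sketch loads that certificate into an in-memory trust store instead of editing cacerts; the class name, method name and command-line arguments are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PfxClientExample {

    // pfxPath: client identity (private key + certificate) presented to the server.
    // serverCertPath: the server's own certificate (PEM or DER), used only as a trust anchor.
    static SSLContext buildContext(String pfxPath, char[] pfxPassword, String serverCertPath)
            throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(pfxPath))) {
            identity.load(in, pfxPassword);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pfxPassword);

        Certificate serverCert;
        try (InputStream in = Files.newInputStream(Paths.get(serverCertPath))) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Empty in-memory trust store holding only this server's certificate,
        // so the JRE-wide cacerts file is left unmodified.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("server", serverCert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java PfxClientExample <client.pfx> <pfx-password> <server-cert-file> <https-url>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext(args[0], args[1].toCharArray(), args[2]);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[3]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The default hostname verifier is left in place here, so the host in the URL still has to match a subject alternative name in the server certificate.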
