
SSL certificate validation using Java client

I am writing a micro service which talks to another service through HTTPS. In the Java client implementation, I read the root certificate from the truststore and then validate the incoming certificate through that.

Now, my question is: by default, will only the 2nd-level certificate be validated using the root cert, or will all chained certificates in turn also get validated?

I am using okhttp, and my assumption is that all Java clients should behave in the same way; please let me know if there is any subjectivity here. Thanks.

If you include the root certificate in the truststore, the entire chain will be validated.

During the handshake, the SSL server sends the client the certification chain from the leaf certificate to the root. The root certificate may be included, but usually it is not.

The default Trust Manager of a Java client will validate the provided certification chain, looking in the truststore until it finds the issuer of the certificate or the certificate itself.
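The behaviour described in the answer can be observed offline with the JDK alone. The following is an added example, not part of the original question or answer: the class name `ChainCheck` and the three file arguments are assumptions, the truststore is expected to contain only the root, and it needs Java 11 or later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ChainCheck {
    // Usage (all three arguments are supplied by the reader):
    //   java ChainCheck.java <truststore file> <truststore password> <chain.pem>
    // chain.pem holds what the server would send: leaf first, then intermediates.
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());

        // The factory JSSE uses by default (PKIX), initialised with our truststore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) {
            if (t instanceof X509TrustManager) { tm = (X509TrustManager) t; break; }
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");

        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new X509Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificates in " + args[2]);

        report(tm, "full chain as sent by the server", chain);
        // Drop the intermediates: with only the root in the truststore, no path can be built.
        report(tm, "leaf only, intermediates withheld", Arrays.copyOf(chain, 1));
    }

    static void report(X509TrustManager tm, String label, X509Certificate[] chain) {
        try {
            tm.checkServerTrusted(chain, "ECDHE_RSA"); // authType = key exchange algorithm
            System.out.println(label + ": trusted");
        } catch (CertificateException e) {
            System.out.println(label + ": rejected (" + e.getMessage() + ")");
        }
    }
}
```

This exercises certification path validation only; checking that the leaf certificate matches the host name is a separate step performed by the HTTPS client.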

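Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.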

 