我怎么知道SSL证书链正在验证中?
[英]How do I know the SSL certificate chain is being verified?
问题描述
I just want to see the code where the SSL certificate chain is verified. 
我只想查看验证SSL证书链的代码。 I have found a method called checkClientTrusted and checkServerTrusted . 我找到了一个名为checkClientTrusted和checkServerTrusted的方法。 I don't think they are called anywhere. 我认为他们在任何地方都不会被称为。
For context I found them in the Apache SSLContextBuilder. 对于上下文,我在Apache SSLContextBuilder中找到了它们。
I am not sure if the chain verification is done automatically for me somewhere or I am supposed to somehow call checkClientTrusted and checkServerTrusted 我不确定是否在某个地方为我自动完成了链验证,还是应该以某种方式调用checkClientTrusted和checkServerTrusted
1 个解决方案
解决方案1
0 2018-09-05 04:39:22
You don't have to explicitly call anything to initiate the SSL handshake. 您不必显式调用任何东西即可启动SSL握手。 HTTP client will do it for you. HTTP客户端将为您完成此任务。 If you're using spring Resttemplate, apache HTTP client will initiate SSL handshake if the URL is HTTP over SSL (https) 如果您使用的是Spring Resttemplate,并且URL是基于SSL的HTTP(https),则apache HTTP客户端将启动SSL握手
If you want to see the logs, update your log4j or logback to level TRACE on package org.apache 如果要查看日志,请在软件包org.apache上更新log4j或重新登录到TRACE级别
If you want to verify SSL is valid and certificate chains are setup correctly on the server you can use openssl to validate like 如果要验证SSL是否有效并且在服务器上正确设置了证书链,则可以使用openssl进行验证,例如
openssl s_client -showcerts -connect www.exampledomain.com:443
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.