在 Java 中禁用 SSL 证书验证
[英]Disable SSL certificate validation in Java
问题描述
How can I disable certificate validation in java 8. I am trying to use https to connect to an other server but I keep getting this error:
如何在 Java 8 中禁用证书验证。我正在尝试使用 https 连接到其他服务器,但我不断收到此错误:
Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)
I tried to fix it by using -Dcom.sun.net.ssl.checkRevocation=false which i found here .我试图通过使用我在这里找到的-Dcom.sun.net.ssl.checkRevocation=false来修复它。 I also tried adding my own certificate to the pool using Java Keytool.我还尝试使用 Java Keytool 将我自己的证书添加到池中。 Both ideas didn't change anything.这两个想法都没有改变任何东西。 The problem might be that I generated my own certificate with openssl.问题可能是我用 openssl 生成了自己的证书。 That cant be signed by anyone which my result in the error.任何人都不能签署我导致错误的人。
It would be nice if I could simply disable SSL checks for testing purposes only.如果我可以简单地禁用 SSL 检查仅用于测试目的,那就太好了。 In a production scenario I will have a signed certificate.在生产场景中,我将拥有一个签名证书。
1 个解决方案
解决方案1
6 已采纳 2019-02-04 13:41:59
It is not advised to disable certificate validation unless it is only for testing purposes.除非仅用于测试目的,否则不建议禁用证书验证。 How are you invoking the service in the first place?您首先如何调用该服务?
If you are using Apache HttpClient:如果您使用的是 Apache HttpClient:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();
If you are using HttpsURLConnection:如果您使用的是 HttpsURLConnection:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.