Java client not picking root/intermediate certificates from Windows Trust Store

I have a Jetty server running with an SSL certificate which has a root->intermediate->host certificate chain.

I have a Java client on Windows which connects to this server. I am using the system properties below to set the trust store, but it does not work unless I import the "host" certificate into the Windows "Trusted Root Certificate Authorities" store. I have the intermediary and root certificates in the "Intermediate Certificate Authorities" store of Windows, but Java does not pick them and throws an SSL error. However, Chrome works perfectly without issuing any warning.

System.setProperty("javax.net.ssl.trustStore", "NUL");  
System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");

As per my understanding, even if the root or intermediary certificate is there on the client machine, Java should be able to pick it.
Is it required to put the intermediates and root under the "Trusted Root authorities" store? Would putting them under "Intermediate Certificate Authorities" not work? From which store category does Java pick the certificates?

Please help.

This happens when the server only returns the leaf certificate and not the intermediate certificates. "Does a TLS client needs to have intermediate CA in the trust store?" explains that it is actually a server issue and not a client issue. Following that advice solved my issue.
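
To confirm the server-side cause described in the answer, the following added example (not part of the original post) prints the certificate chain the server actually presents during the handshake, while still validating it against the Windows-ROOT store from the question. The class name ChainCheck and the host/port arguments are assumptions.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;

// Added diagnostic example; ChainCheck and its arguments are hypothetical names.
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];                 // server host name (supplied by you)
        int port = Integer.parseInt(args[1]);  // TLS port of the server

        // Same trust source as the question: the SunMSCAPI "Windows-ROOT" keystore (Windows only).
        KeyStore roots = KeyStore.getInstance("Windows-ROOT");
        roots.load(null, null);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(roots);
        X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];

        // Print the chain the server presented, then delegate to normal validation.
        X509TrustManager logging = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                System.out.println("Server sent " + chain.length + " certificate(s)");
                for (X509Certificate c : chain) {
                    System.out.println("  subject: " + c.getSubjectX500Principal()
                            + " | issuer: " + c.getIssuerX500Principal());
                }
                X509Certificate leaf = chain[0];
                boolean selfIssued =
                        leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
                if (chain.length == 1 && !selfIssued) {
                    System.out.println("Leaf only: the server is not sending its intermediate(s)");
                }
                real.checkServerTrusted(chain, authType); // validation is not weakened
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                real.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {logging}, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // keep host name verification
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("Handshake OK");
        }
    }
}
```

If the output shows a single certificate whose issuer differs from its subject, the fix belongs in the server's keystore (install the full chain there), not in the client's trust store.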
