[英]SSLContext not using certificate from the JVM TrustStore
I need to send a request to a server that uses TLS Client Authentication.我需要向使用 TLS 客户端身份验证的服务器发送请求。 For that, I created a PKCS12 file with my certificate and private key and set it in the SSLContext as a KeyManager.
为此,我使用我的证书和私钥创建了一个 PKCS12 文件,并将其在 SSLContext 中设置为 KeyManager。
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystoreInputStream = new FileInputStream("C:/Users/PC/Desktop/certprivate.p12");
keystore.load(keystoreInputStream, "password".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, "password".toCharArray());
SSLContext sc = SSLContext.getInstance("TLSv1.3");
sc.init(kmf.getKeyManagers(), null, null);
I also used keytool to add the certificate from the server in the cacerts
store and while that didn't work, I used InstallCerts to download I guess all of the intermediary certificates and installed thoses in cacerts.我还使用 keytool 在
cacerts
存储中添加来自服务器的证书,虽然这不起作用,但我使用 InstallCerts 下载我猜所有的中间证书并将它们安装在 cacerts 中。 The problem I'm getting now is 400 No required SSL certificate was sent
.我现在遇到的问题是
400 No required SSL certificate was sent
。
I'm not sure why this shows up, when from my understanding, if the TrustManager
is set to null, it will use the default TrustManager which in this case is:我不确定为什么会出现这种情况,根据我的理解,如果
TrustManager
设置为 null,它将使用默认的 TrustManager,在这种情况下为:
String certificatesTrustStorePath = "C:/Program Files/Java/jdk-15.0.2/lib/security/cacerts";
System.setProperty("javax.net.ssl.trustStore", certificatesTrustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
EDIT: I don't get why the request is failing as the TLS handshake has been completed.编辑:我不明白为什么请求失败,因为 TLS 握手已经完成。 Otherwise I would have gotten some other error/exception.
否则我会得到一些其他错误/异常。
Add -Djavax.net.debug=all in your java startup command line, you will have more informations.在 java 启动命令行中添加 -Djavax.net.debug=all,您将获得更多信息。 After you could diagnose your issue.
在你可以诊断出你的问题之后。 JC
JC
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.