来自Java客户端的SSL连接
[英]SSL Connection from Java client
问题描述
I'm creating a Java client program that will be sending sensitive information to a Tomcat server. 
我正在创建一个Java客户端程序,它将敏感信息发送到Tomcat服务器。 So I need to use SSL Connection so information will be encrypted. 所以我需要使用SSL连接,以便加密信息。
I need to use self-signed untrusted certificate but having problems making connection from java client. 我需要使用自签名的不受信任的证书,但是在从java客户端建立连接时遇到问题。
I have successfully setup Tomcat 5.5 to use SSL and tested it through Firefox, which displays warning of self-signed certificate. 我已成功设置Tomcat 5.5以使用SSL并通过Firefox进行测试,Firefox会显示自签名证书的警告。
I followed the Tomcat 5.5 SSL setup and they mentioned to create a keystore: 我遵循Tomcat 5.5 SSL设置,他们提到创建一个密钥库:
keytool -genkey -alias tomcat -keyalg RSA
Then I did an export of the above: 然后我做了上面的导出:
keytool -export -keystore .keystore -alias tomcat -file localhost.cer
Then I did an import of the above certificate into client machine: 然后我将上述证书导入客户端机器:
keytool -import -alias tomcat -file localhost.cer -keystore "C:\\Program Files"\\Java\\jdk1.6.0_17\\jre\\lib\\security\\cacerts"
But when running client I get: 但是在运行客户端时,我得到:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is the client code: 这是客户端代码:
URL url = new URL("https://localhost:8443");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
Now I just started playing with these certificates today and I'm new to keystores, so please be patient. 现在我刚刚开始玩这些证书而且我是密钥库的新手,所以请耐心等待。
Can someone please explain how to export and import the certificate created in Tomcat to client machine? 有人可以解释如何导出和导入Tomcat中创建的证书到客户端机器?
Thank you. 谢谢。
3 个解决方案
解决方案1
1 2010-02-10 23:25:00
Atlassian has good instructions on how to fix this. Atlassian对如何解决这个问题有很好的指导。
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
Another approach is to install less unforgiving certificate validators, but that should only be done as a last resort. 另一种方法是安装较少的不可原谅的证书验证器,但这只应作为最后的手段。
解决方案2
0 2010-02-10 23:34:26
Use Apache HTTP Cleint jar and follow this SSL Guide . 使用Apache HTTP Cleint jar并遵循此SSL指南 。
EasySSLProtocolSocketFactory can be used to create SSL connections that allow the target server to authenticate with a self-signed certificate. EasySSLProtocolSocketFactory可用于创建SSL连接,允许目标服务器使用自签名证书进行身份验证。
解决方案3
0 2011-08-12 00:53:37
我认为你应该使用“changeit”输入密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.