[英]Java certificate based authentication
I have a thrift endpoint that someone created who is not longer with our company. 我有一个节俭的终点,有人创建了一个不再在我们公司工作的人。 They implemented the authentication via client side certs, but I having a hard time wrapping my head around how it all works. 他们通过客户端证书实现了身份验证,但是我很难理解所有工作原理。 Does anyone know of a tutorial, or howto on this topic. 有谁知道教程或有关此主题的方法。
All I really have is a sample client class. 我真正拥有的只是一个示例客户端类。 Here are a list of things that I need help with: 以下是我需要帮助的事项列表:
What does the following error mean? 以下错误是什么意思?
ERROR[com.cada.CadaDaoTest][main] - Error: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate 错误[com.cada.CadaDaoTest] [main]-错误:org.apache.thrift.transport.TTransportException:javax.net.ssl.SSLHandshakeException:收到致命警报:bad_certificate
The truststore (on Tomcat it's configured forthe SSL connector in server.xml) can hold the root of the certificate chain of the client certificate, not the certificate itself. 信任库(在Tomcat上,为server.xml中的SSL连接器配置了信任库)可以保存客户端证书的证书链的根,而不是证书本身。 That is, when a certificate is created, it is signed by a CA - certificate authority. 即,创建证书时,该证书由CA证书颁发机构签名。 If the CA cert is trusted, all certs singed by the CA are trusted as well. 如果CA证书是受信任的,则由CA颁发的所有证书也将受信任。
You can create certificates using either keytool (in jdk/bin/
) or openssl . 您可以使用keytool(在jdk/bin/
)或openssl创建证书。 There are GUIs for that, like portecle . 有一些GUI,例如portecle 。
The tomcat ssl tutorial might be helpful. tomcat ssl教程可能会有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.