在Java中使用自签名证书
[英]Using Self Signed certificate in java
问题描述
I want to connect to a sms gateway. 
我想连接到短信网关。 I found the following code. 我发现以下代码。
public void smsSender(String username, String password, String to,
String text) throws IOException {
try {
String data = "username=" + username + "&password=" + password
+ "&to=" + to + "&text=" + text;
URL url = new URL("https://sendsms.abc.com:1010/sms.php");
HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
urlc.setRequestMethod("POST");
urlc.setDoOutput(true);
urlc.setRequestProperty("Content-type",
"application/x-www-form-urlencoded");
BufferedWriter br = new BufferedWriter(new OutputStreamWriter(
urlc.getOutputStream()));
br.write(data);
br.flush();
BufferedReader rd = new BufferedReader(new InputStreamReader(
urlc.getInputStream()));
String line;
while (null != ((line = rd.readLine()))) {
output = line;
System.out.println(output);
}
rd.close();
} catch (Exception e) {
e.printStackTrace();
}
}
When i try to connect using this method Eclipse sends an error message. 当我尝试使用此方法进行连接时,Eclipse发送一条错误消息。
unable to find valid certification path to requested target
The server that i'm trying to access is using self signed certificate. 我尝试访问的服务器正在使用自签名证书。 I'm new to this field. 我是这个领域的新手。 How can i solve this problem. 我怎么解决这个问题。 Thanks in advance :) 提前致谢 :)
1 个解决方案
解决方案1
1 已采纳 2012-10-22 17:07:51
To make remote method invocations over SSL, a client needs to trust the certificate of the server. 要通过SSL进行远程方法调用,客户端需要信任服务器的证书。 As you said the server has a self-signed certificate, you client needs to be explicitly configured to trust the certificate else the connection fails. 正如您所说的服务器具有自签名证书一样,您的客户端需要明确配置为信任证书,否则连接将失败。 To create a trust relationship between a client and server's self-signed certificate, follow the steps mentioned below, 要在客户端和服务器的自签名证书之间创建信任关系,请执行以下步骤,
First you should get the server certificate on your client side.
首先,您应该在客户端获得服务器证书。
For that the way I know of is, ie hit the server url in a browser and get the server's certificate and import it in the browser.为此,我知道的方法是,即在浏览器中命中服务器URL并获取服务器的证书,然后将其导入浏览器中。 There might be other ways of getting the server certificate but you'll have to explore. 可能还有其他获取服务器证书的方法,但是您必须进行探索。 Now export the public key as a certificate from the browser to the client.
现在,将公共密钥作为证书从浏览器导出到客户端。 let it be server.cer. 让它成为server.cer。 Now, create the client keystore
现在,创建客户端密钥库 keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY"
keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname“ CN = localhost,OU = MYOU,O = MYORG,L = MYCITY,S = MYSTATE,C = MY” create the client certificate
创建客户证书 keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer
keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer Now, import the server certificate to the client trust store.
现在,将服务器证书导入到客户端信任存储中。 keytool -import -alias serverCert -keystore client.truststore -storepass clientcert -file server.cer
keytool-导入-alias serverCert -keystore client.truststore -storepass clientcert -file server.cer now load the client keystore as mentioned in erickson's comment in the link provided by Werner.
现在,按照Werner提供的链接中erickson的评论中所述加载客户端密钥库。
Let me know if things are still not clear. 让我知道是否仍然不清楚。 But I suggest you read some documentation on google related to SSL Handshaking between a client and a server. 但我建议您阅读Google上与客户端和服务器之间的SSL握手相关的一些文档。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.