stackoom
  简体   繁体   中英

How to disable self signed certificate at client in java?

 原文  2016-02-16 06:10:28       java/ ssl/ https/ rest-client/ webservices-client

Question

I am having genuine certificate "salientrisk.crt" and "salientrisk.key" , Server is configured as SSL server with these certificate , now on client side if i have the same certificate then only it should be able to do handshake other wise it should fail , it should not allow client to connect with server .

How to make handshake between client and server by using public /private keys .

Problem is if i am passing here self signed certificate then also its working , which i don't want .

I am using the following piece of code in main class : 

    SSLContext sslContext = null;
                    try{
                        sslContext = SSLContext.getInstance("SSL");
                        ServerTrustManager serverTrustManager = new ServerTrustManager();
                        sslContext.init(null, new TrustManager[]{serverTrustManager}, null);

                    }catch(Exception e){
                        logger.error("Error while getting SSL context", e);
                    }


=================================================


package com.common.restclient;


import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;

public class ServerTrustManager implements X509TrustManager{

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // TODO Auto-generated method stub

    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // TODO Auto-generated method stub
        X509Certificate cert=null;


        try (InputStream inStream = new FileInputStream("SSLCertificate/salientrisk.crt")) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            cert = (X509Certificate)cf.generateCertificate(inStream);
        } catch (FileNotFoundException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        cert.checkValidity();
        cert.getIssuerUniqueID();
        cert.getSubjectDN();



    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // TODO Auto-generated method stub
        return null;
    }

}

2 answers

solution1
 1  2016-02-16 09:08:03

您服务器中的密钥对也可能是自签名的,并且您尝试使用的密钥对具有相同的父证书CA。

solution2
 0  2016-02-16 06:22:45

You are looking for certificate pinning . Check out https://github.com/ikust/hello-pinnedcerts for test code.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java SSL Client No Self Signed Certificate lotus notes ssl certificate self signed client no trusted certificate java Accept server's self-signed ssl certificate in Java client Java ssl/https client using a self-signed certificate Tell java client code to accept self signed certificate Setup Java MQTT client with Mosquitto over SSL with a self signed certificate Java Rest Client using self-signed Certificate Java oAuth using self-signed client certificate Java web service over https - How to add a self-signed certificate into a client api? How does a Java client automatically accept a self-signed certificate from the server
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM