I just want to see the code where the SSL certificate chain is verified. I have found a method called checkClientTrusted
and checkServerTrusted
. I don't think they are called anywhere.
For context I found them in the Apache SSLContextBuilder.
I am not sure if the chain verification is done automatically for me somewhere or I am supposed to somehow call checkClientTrusted
and checkServerTrusted
You don't have to explicitly call anything to initiate the SSL handshake. HTTP client will do it for you. If you're using spring Resttemplate, apache HTTP client will initiate SSL handshake if the URL is HTTP over SSL (https)
If you want to see the logs, update your log4j or logback to level TRACE
on package org.apache
If you want to verify SSL is valid and certificate chains are setup correctly on the server you can use openssl to validate like
openssl s_client -showcerts -connect www.exampledomain.com:443
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.