在 Java 中禁用 SSL 证书验证
[英]Disable SSL certificate validation in Java
问题描述
如何在 Java 8 中禁用证书验证。我正在尝试使用 https 连接到其他服务器,但我不断收到此错误:
Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)
我试图通过使用我在这里找到的-Dcom.sun.net.ssl.checkRevocation=false来修复它。 我还尝试使用 Java Keytool 将我自己的证书添加到池中。 这两个想法都没有改变任何东西。 问题可能是我用 openssl 生成了自己的证书。 任何人都不能签署我导致错误的人。
如果我可以简单地禁用 SSL 检查仅用于测试目的,那就太好了。 在生产场景中,我将拥有一个签名证书。
1 个解决方案
解决方案1
6 已采纳 2019-02-04 13:41:59
除非仅用于测试目的,否则不建议禁用证书验证。 您首先如何调用该服务?
如果您使用的是 Apache HttpClient:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();
如果您使用的是 HttpsURLConnection:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
是否可以在 Apache Kafka Java 客户端中禁用 SSL 证书验证?
[英]Is it possible to disable SSL certificate verification in Apache Kafka Java client?
HAProxy SSL终止+客户端证书验证+ curl / java客户端
[英]HAProxy SSL termination + client certificate validation + curl / java client
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.