如何在 java SSL 中加载本地客户端证书?
[英]How to load local client certificate in java SSL?
问题描述
我尝试使用需要使用此客户端进行客户端身份验证的 TLS 连接到服务器的套接字。java代码
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class Client {
public static void main(String[] args){
System.setProperty("javax.net.ssl.trustStore", "/home/toni/.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "jOk<>123");
String host = "localhost";
Integer port = 8000;
byte[] data = new byte[4096];
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
try(
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
){
out.write("Hi, I am client".getBytes());
in.read(data);
System.out.println(new String(data));
} catch (IOException ex) {
Logger.getLogger(Client.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
但似乎client.java没有将本地客户端证书发送到服务器,因此服务器返回错误:
ssl.SSLError: [SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:852)
这是我的keytool -list
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 2 entries
client, Aug 20, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 41:36:F0:A5:38:DA:99:D1:6A:B1:44:87:9C:00:CF:73:FC:96:48:22:79:B5:3A:9A:ED:44:C8:AA:CA:97:45:5E
localhost, Aug 20, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 1A:CB:DA:E3:ED:BF:E0:C8:C1:13:13:8C:A4:FB:20:48:53:54:80:D3:36:14:35:9C:EF:AF:5B:16:E2:54:97:B8
如何让我的client.java在上面加载client别名证书并在与服务器握手时使用它?
1 个解决方案
解决方案1
0 2020-08-20 11:38:57
我只是了解了 keyStore 和 trustStore 之间的区别。 实际上在 java 我不需要在客户端显式指定客户端证书。 我只需要像这样声明我的 KeyStore:
String file = "/home/toni/.keystore";
String password = "jOk<>123";
System.setProperty("javax.net.ssl.trustStore", file);
System.setProperty("javax.net.ssl.trustStorePassword", password);
System.setProperty("javax.net.ssl.keyStore", file);
System.setProperty("javax.net.ssl.keyStorePassword", password);
如何在 java 客户端中使用 SSL 客户端证书和 jersey 客户端
[英]How do I use an SSL client certificate with jersey client in java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.