使用Java套接字连接到未签名的HTTPs站点
我正在尝试设置一个Java程序来连接到使用SSL的我自己的网站。我让它完全适用于标准HTTP站点,但不适用于HTTPs。我的问题是我的证书没有签名 我怎么能让java忽略它没有签名的事实,让我以任何方式连接呢?我在尝试连接时遇到此错误:使用Java套接字连接到未签名的HTTPs站点,java,sockets,ssl-certificate,Java,Sockets,Ssl Certificate,我正在尝试设置一个Java程序来连接到使用SSL的我自己的网站。我让它完全适用于标准HTTP站点,但不适用于HTTPs。我的问题是我的证书没有签名 我怎么能让java忽略它没有签名的事实,让我以任何方式连接呢?我在尝试连接时遇到此错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.ce
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at util.Watchlist.getWatchListWebsiteReaderSSL(Watchlist.java:51)
at util.Watchlist.updateWLDP(Watchlist.java:64)
at util.Watchlist.getWLDP(Watchlist.java:24)
at commands.devices.cpt.WldpMessage.run(WldpMessage.java:52)
at cli.Parser.Parse(Parser.java:74)
at fromUI.UISocketReader.run(UISocketReader.java:54)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 25 more
您需要创建一个接受未签名证书的TrustManager,并将其与用于HTTPS连接的SSLContext相关联。下面是一个简单的例子
请注意,链接的示例不会对服务器的SSL证书进行任何验证,因此您将无法完全信任您连接到的网站的标识。您需要创建一个接受未签名证书的TrustManager,并将其与用于HTTPS连接的SSLContext相关联。下面是一个简单的例子
请注意,链接的示例对服务器的SSL证书没有任何验证,因此您将无法完全信任您连接到的网站的身份。这让我更进一步。我现在收到一个致命警报:坏记录。我认为这可能与服务器上的SSL版本有关。如果你碰巧知道,请告诉我。你的帮助真是太好了!该TrustManager不符合其规范。接受所有证书的技术决不能用于生产代码中,因为它从根本上破坏了SSL安全性。请参阅RFC2246中的讨论。@EJP我只是在进行概念验证,所以削弱SSL是可以的。在生产中SSL将被签署。这让我更进一步。我现在收到一个致命警报:坏记录。我认为这可能与服务器上的SSL版本有关。如果你碰巧知道,请告诉我。你的帮助真是太好了!该TrustManager不符合其规范。接受所有证书的技术决不能用于生产代码中,因为它从根本上破坏了SSL安全性。请参阅RFC2246中的讨论。@EJP我只是在进行概念验证,所以削弱SSL是可以的。将在生产中签署SSL。
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
// Now you can access an https URL without having the certificate in the
// truststore
try {
URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {
}