Java 是否可以禁用https的ssl?
java上的应用程序。使用OkHttp版本2.7.5。向另一个服务发出请求并发生错误Java 是否可以禁用https的ssl?,java,ssl,https,okhttp,Java,Ssl,Https,Okhttp,java上的应用程序。使用OkHttp版本2.7.5。向另一个服务发出请求并发生错误 SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requeste
SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
为什么您想使用HTTPS但没有证书,您应该按照上面提到的步骤进行操作。但是,如果你想真正忘记HTTPS是什么意思,你可以考虑重写行为
private static OkHttpClient getUnprotectedClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
return new okhttp3.OkHttpClient.Builder()
.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0])
.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}).build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
为什么您想使用HTTPS但没有证书,您应该按照上面提到的步骤进行操作。但是,如果你想真正忘记HTTPS是什么意思,你可以考虑重写行为
private static OkHttpClient getUnprotectedClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
return new okhttp3.OkHttpClient.Builder()
.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0])
.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}).build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
. 除非OKHttp有一些特性,避开了Java中通常的hanlde证书方式,否则它应该可以工作。Pablo,非常感谢!你的回答有帮助!可能的副本。除非OKHttp有一些特性,避开了Java中通常的hanlde证书方式,否则它应该可以工作。Pablo,非常感谢!你的回答有帮助!也有免费获取证书的方法,例如letsencrypt。但这似乎完全是关于建立客户机连接,而不是管理服务器证书。需要连接到外部服务,连接尝试表示boo。也有免费获取证书的方法,如letsencrypt。但这似乎完全是关于建立客户机连接,而不是管理服务器证书。需要连接到外部服务,连接尝试显示boo。