Ssl javax.servlet.request.X509Certificate属性返回null
我正在尝试向服务器发送客户端证书 客户:Ssl javax.servlet.request.X509Certificate属性返回null,ssl,jersey,ssl-certificate,x509certificate,dropwizard,Ssl,Jersey,Ssl Certificate,X509certificate,Dropwizard,我正在尝试向服务器发送客户端证书 客户: KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, password.toCharArray()); keyStore.setKeyEntry("service-tls", privateKey, password.toCharArray(), cerChain);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, password.toCharArray());
keyStore.setKeyEntry("service-tls", privateKey, password.toCharArray(), cerChain);
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, password.toCharArray());
trustStore.setCertificateEntry("root-ca", rootCert);
SslConfigurator sslConfig = SslConfigurator.newInstance()
.keyStore(keyStore)
.keyStorePassword(password)
.keyPassword(password)
.trustStore(trustStore)
.trustStorePassword(password)
.securityProtocol("TLSv1.2");
TrustManager[] trustManager = new X509TrustManager[] { new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sslContext = sslConfig.createSSLContext();
sslContext.init(null, trustManager, null);
this.client = ClientBuilder.newBuilder().sslContext(sslContext).build();
服务器:
validateCerts: false
validatePeers: false
wantClientAuth: true
证书和私钥从应用程序中的pem文件加载。
在调试模式下,我发现证书链位于
this.client
的trustManager
中。但在服务器中,属性仍然返回null。您在没有密钥管理器的情况下初始化了ServetContext
,因此它永远无法在密钥库中找到任何内容。摆脱那些毫无意义和不安全的TrustManager
。这没有帮助。@user207421谢谢您的回复。所以问题是sslContext.init
没有密钥管理器?实际上,我添加了这个和TrustMnager
以忽略自签名证书异常。添加KeyManager
不会解决自签名证书异常,但它会解决您发布的问题。解决自签名证书问题的正确方法是让CA对其进行签名,或者将其导入信任库。您正在使用的TrustManager
非常不安全,更不用说不正确,永远不应该使用。@user207421感谢您的帮助。这就解决了问题。