Coldfusion:使用 SSL 加密页面 (https://) 的 CFHTTP - 出现错误
我正在制作 cfhttp 来连接到加密页面。似乎在某些网站上工作得很好。
I/O Exception: Name in certificate `pro.test.com' does not match host name `go.test.com'
即使主机名不匹配,是否有解决方法可以信任此证书?
I'm making an cfhttp to connect to an encrypted page. Seems to work fine for some sites.
I/O Exception: Name in certificate `pro.test.com' does not match host name `go.test.com'
Is there a workaround to trust this certificate even if the host name doesn't match?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
认为这更多是 Java 问题,解决方法应该会影响 JRE。
不确定这是否适用于您的情况,但可能的解决方案是将此证书导入到 JRE 密钥库中。
一般描述可以在 Sun 网站 中找到。虽然过程非常简单。
首先,您应该使用浏览器导航所需的 HTTPS URL,并使用 SSL 属性导出证书(不记得在 IE 中是如何完成的,但在 Firefox 中,类似“安全”>“查看证书”>“详细信息”>“另存为”)不确定,因为使用非英语本地化),任何 X.509 类型都应该可以工作。
接下来您应该使用 keytool 导入它。导航到当前 CF JRE 的 bin,执行以下命令(将参数替换为您的值)并重新启动 CF:
顺便说一句,有一个 UI 工具 用于此目的,但我没有使用过它,所以不能说它是否工作正常。
Think this is more Java question, and workaround should be affecting the JRE.
Not sure if this will work in your case, but possible solution is to import this certificate into the JRE keystore.
Generic description can be found at Sun website. Though process is pretty simple.
First you should navigate the needed HTTPS URL with your browser and export the cert using SSL properties (don't remember how it is done in IE, but in Firefox something like Security > View cert > Details > Save as -- still not sure because using non-English licalization), any X.509 type should work.
Next you should import it using keytool. Navigate to the current CF JRE's bin, execute the following command (replace arguments with your values) and restart CF:
BTW, there is a UI tool for this, but I haven't used it so can't say if it works fine.
可能正在运行的站点拥有来自可信机构的有效 SSL 证书。
如果您拥有 pro.test.com 的控制权,首选答案是为安装的 pro.test.com 获取有效的证书。但如果由于某种原因这是不可能的,我会看到另外两个选择:
1)在尝试通过 https 连接的地方执行 try/catch,并在发生 SSL 错误时退回到 http。显然,这将消除对失败连接的加密。
或
2) 使用 Sergii 的解决方案将该站点的密钥导入到 Java 密钥库中。
The sites that are probably working have a valid SSL Certificate from a trusted authority.
If you have control of pro.test.com, the preferred answer would be to get a valid cert for pro.test.com installed. But if that is not possible for some reason, I see two other options:
1) Do a try/catch where you try to connect via https, and fall back on http in the event of an SSL error. Obviously this would eliminate encryption for the failed connection.
or
2) Use Sergii's solution to import the key for that site into the Java keystore.
如果 go.test.com 只是一个开发服务器,那么您可以创建一个自签名证书并将其导入到 Java 密钥库中。这样您就可以通过不向 CA 付款来节省成本,并更快地解决问题
If go.test.com is just a development server, in that case you can create a self-signed certificate and import it into Java keystore. That way you can save up on cost by not paying to CA and get a quicker turnaround to resolve the issue