来自 Java 客户端的 SSL 连接
我正在创建一个 Java 客户端程序,它将向 Tomcat 服务器发送敏感信息。所以我需要使用 SSL 连接,以便信息被加密。
我需要使用自签名的不受信任的证书,但在从 java 客户端建立连接时遇到问题。
我已成功设置 Tomcat 5.5 以使用 SSL 并通过 Firefox 进行测试,它显示自签名证书的警告。
我遵循 Tomcat 5.5 SSL 设置,他们提到创建一个密钥库:
keytool -genkey -alias tomcat -keyalg RSA
然后我导出了上面的内容:
keytool -export -keystore .keystore -alias tomcat -file localhost.cer
然后我将上述证书导入客户端计算机:
keytool -import -alias tomcat -file localhost.cer -keystore "C:\Program Files"\Java\jdk1.6.0_17\jre\lib\security\cacerts"
但是运行客户端时我得到:
线程“main”中出现异常 javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径< /p>
这是客户端代码:
URL url = new URL("https://localhost:8443");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
现在我今天才开始使用这些证书,而且我对密钥库还很陌生,所以请耐心等待。
有人可以解释一下如何将 Tomcat 中创建的证书导出和导入到客户端计算机吗?
谢谢。
I'm creating a Java client program that will be sending sensitive information to a Tomcat server. So I need to use SSL Connection so information will be encrypted.
I need to use self-signed untrusted certificate but having problems making connection from java client.
I have successfully setup Tomcat 5.5 to use SSL and tested it through Firefox, which displays warning of self-signed certificate.
I followed the Tomcat 5.5 SSL setup and they mentioned to create a keystore:
keytool -genkey -alias tomcat -keyalg RSA
Then I did an export of the above:
keytool -export -keystore .keystore -alias tomcat -file localhost.cer
Then I did an import of the above certificate into client machine:
keytool -import -alias tomcat -file localhost.cer -keystore "C:\Program Files"\Java\jdk1.6.0_17\jre\lib\security\cacerts"
But when running client I get:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is the client code:
URL url = new URL("https://localhost:8443");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
Now I just started playing with these certificates today and I'm new to keystores, so please be patient.
Can someone please explain how to export and import the certificate created in Tomcat to client machine?
Thank you.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
Atlassian 对于如何解决这个问题有很好的说明。
http://confluence.atlassian.com/display/JIRA/Connecting+ 另一种方法是安装不太严格的
证书验证器,但这只能作为最后的手段。
Atlassian has good instructions on how to fix this.
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
Another approach is to install less unforgiving certificate validators, but that should only be done as a last resort.
使用 Apache HTTP Cleint jar 并遵循此 SSL 指南。
EasySSLProtocolSocketFactory 可用于创建允许目标服务器使用自签名证书进行身份验证的 SSL 连接。
Use Apache HTTP Cleint jar and follow this SSL Guide.
EasySSLProtocolSocketFactory can be used to create SSL connections that allow the target server to authenticate with a self-signed certificate.
我认为你应该使用“changeit”输入密码。
I think you should input password using "changeit".