HttpClient+SSL+可信证书
我正在使用 Commons HttpClient API 连接到我们的一台服务器。
该服务器使用 SSL,并且还使用有效的证书(由 Verisign Trust Network 颁发)。
当我连接到服务器时,我的浏览器从不抱怨。但我的java程序抛出
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trustedcertificatefound 异常。
即使此有效证书已导入我的 java 信任库,我仍然遇到同样的问题。
我使用以下简单的代码连接到服务器。
HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://www.ourserver.com/");
try {
httpclient.executeMethod(httpget);
System.out.println(httpget.getStatusLine());
} finally {
httpget.releaseConnection();
}
注意: 我非常确定我们的服务器正在使用受信任的证书,因为我的浏览器从未抱怨过。
谢谢。
I'm using Commons HttpClient API to connect to one of our Servers.
This server uses SSL and also it uses valid Certificate (issued by Verisign Trust Network).
My Browser never complains as i connect to the server. But my java program throws
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found Exception.
I still have the same issue, even if this valid certificate is imported to my java truststore.
I used the following simple code to connect to the server..
HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://www.ourserver.com/");
try {
httpclient.executeMethod(httpget);
System.out.println(httpget.getStatusLine());
} finally {
httpget.releaseConnection();
}
Note:
I'm very sure that our server is using Trusted certificate as my browser never complained.
Thank you.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您使用旧版本的 java,即 1.4,则 verisign 根 CA 可能不受信任。在这种情况下,您必须配置一个包含证书的信任库。这可以通过“javax.net.ssl.trustStore”系统属性来完成,但不建议这样做。
您可以实现“org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory”以提供具有给定信任库的自定义 SocketFactory。
if you are using an older version of java, i.e. 1.4, it is possible that the verisign root CA isn't trusted. In that case you must configure a truststore with the certificate in it. This can be done with de 'javax.net.ssl.trustStore' system property, but isn't advisible to do.
You can implement the 'org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory' to provide a custom SocketFactory with the given truststore.
您是否已将 Verisign Root CA 添加到您的信任库中?该错误可能是因为颁发您的证书的 CA 不受信任。
我不确定 Java 的信任库是否会像大多数 Web 浏览器一样自动配置为信任“默认”根 CA(Verisign、Thawte 等)。您可能必须使用 keytool 手动启用每个密钥的信任,自从您提到导入到信任库以来,我假设您知道这一点。
Have you added the Verisign Root CA to your truststore? It's possible that the error is because the CA that issued your certificate isn't trusted.
I'm not sure that Java's truststore is automatically configured to trust "default" root CAs (Verisign, Thawte, etc.) like most web browsers are. You might have to manually enable trust for each using keytool, which I assume you know since you mentioned importing into your truststore.