使用 JSSE (Javase6) 和自签名证书设置 SSL 连接

发布于 2024-09-08 19:50:57 字数 1454 浏览 10 评论 0原文

我正在尝试构建一个简单的客户端/服务器系统,它使用 SSLSocket 来交换数据。 (JavaSE 6) 服务器必须有自己的证书,客户端不需要。

我从这个开始 http://java.sun. com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore 为服务器生成密钥和自签名证书。 总结一下:

    Create a new keystore and self-signed certificate with corresponding public/private keys. 
keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks

    Export and examine the self-signed certificate.
keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer

    Import the certificate into a new truststore.
keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jks

然后在我的服务器代码中,我

System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");

SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );

Socket s = sslServerSocket.accept();

基本上遗漏了一些点,因为我收到“javax.net.ssl.SSLException:没有可用的证书或密钥对应于启用的 SSL 密码套件”。当我尝试运行服务器时。

会不会是证书的问题?当在 keytool 中使用 -validity 时,证书会进行自签名,所以如果我没有错的话它应该可以工作。

阅读文档似乎设置属性“javax.net.ssl.keyStore”足以使 SSLContext 正确设置。有什么建议吗?

I'm trying to build a simple client/server system wich uses SSLSocket to exchange data. (JavaSE 6)
The server must have its own certificate, clients don't need one.

I started with this
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
To generate key for the server and a self signed certificate.
To sum it up:

    Create a new keystore and self-signed certificate with corresponding public/private keys. 
keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks

    Export and examine the self-signed certificate.
keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer

    Import the certificate into a new truststore.
keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jks

Then in my server code I do

System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");

SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );

Socket s = sslServerSocket.accept();

I am basically missing some point because I get a "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." when I try to run the server.

Can it be a problem with the certificate? When using -validity in keytool the certificate gets self-signed, so it should work if I'm not wrong.

Reading the docs seems that setting the property "javax.net.ssl.keyStore" is sufficient for the SSLContext to setup correctly. Any suggestion?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

椵侞 2024-09-15 19:50:57

我把事情搞砸了一点,完整的解决方案在这里:https://forums。 oracle.com/forums/thread.jspa?threadID=1531716

I messed up things a little, complete solution is here: https://forums.oracle.com/forums/thread.jspa?threadID=1531716

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文