使用 HttpURLConnection 获取带有自签名证书的页面

发布于 2024-10-05 03:25:54 字数 773 浏览 3 评论 0原文

我使用此代码从本地 Trac 系统下载时间线页面:

HttpURLConnection con = (HttpURLConnection) TRAC_TIMELINE_URL.openConnection();
String userpassword = TRAC_USERNAME + ":" + TRAC_PASS;
String encodedAuthorization = new String(Base64.encodeBase64(
        userpassword.getBytes(Charsets.ASCII)), Charsets.ASCII);
con.setRequestProperty("Authorization", "Basic " + encodedAuthorization);
InputStream ins = con.getInputStream();

由于 Trac 服务器是通过 HTTPS 访问的,但具有自签名证书,因此在调用 getInputStream 时出现以下异常:

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径

使它工作的最快方法是什么?我完全可以忽略证书的正确性,因为该请求将通过 LAN 发出。

I'm using this code to download the timeline page from our local Trac system:

HttpURLConnection con = (HttpURLConnection) TRAC_TIMELINE_URL.openConnection();
String userpassword = TRAC_USERNAME + ":" + TRAC_PASS;
String encodedAuthorization = new String(Base64.encodeBase64(
        userpassword.getBytes(Charsets.ASCII)), Charsets.ASCII);
con.setRequestProperty("Authorization", "Basic " + encodedAuthorization);
InputStream ins = con.getInputStream();

Because the Trac server is accessed via HTTPS but has a self-signed certificate, I get the following exception on the call to getInputStream:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What's the quickest way to make it work? I'm fine with just ignoring the certificate correctness altogether, because this request is going to be made over the LAN.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

追风人 2024-10-12 03:25:54

至少,您需要确保与 Trac 系统使用的私有证书(或签署该服务器证书的 CA 的证书)匹配的公共证书位于您的信任库中。 Java SSL 库要求存在一个到已知信任根的信任链(验证服务器证书的 DN 和请求的主机名之间的绑定是可选的,但强烈建议对于普通 HTTPS)。

At the very least, you need to make sure that the public certificate that matches the private certificate used by your Trac system (or the certificate of the CA that signed that server cert) is in your truststore. It's a requirement of the Java SSL libraries that there is a chain of trust to a known trust-root (verifying a binding between the DN of the server cert and the requested hostname is optional, though highly recommended for normal HTTPS).

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文