使用 HttpURLConnection 获取带有自签名证书的页面
我使用此代码从本地 Trac 系统下载时间线页面:
HttpURLConnection con = (HttpURLConnection) TRAC_TIMELINE_URL.openConnection();
String userpassword = TRAC_USERNAME + ":" + TRAC_PASS;
String encodedAuthorization = new String(Base64.encodeBase64(
userpassword.getBytes(Charsets.ASCII)), Charsets.ASCII);
con.setRequestProperty("Authorization", "Basic " + encodedAuthorization);
InputStream ins = con.getInputStream();
由于 Trac 服务器是通过 HTTPS 访问的,但具有自签名证书,因此在调用 getInputStream 时出现以下异常:
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
使它工作的最快方法是什么?我完全可以忽略证书的正确性,因为该请求将通过 LAN 发出。
I'm using this code to download the timeline page from our local Trac system:
HttpURLConnection con = (HttpURLConnection) TRAC_TIMELINE_URL.openConnection();
String userpassword = TRAC_USERNAME + ":" + TRAC_PASS;
String encodedAuthorization = new String(Base64.encodeBase64(
userpassword.getBytes(Charsets.ASCII)), Charsets.ASCII);
con.setRequestProperty("Authorization", "Basic " + encodedAuthorization);
InputStream ins = con.getInputStream();
Because the Trac server is accessed via HTTPS but has a self-signed certificate, I get the following exception on the call to getInputStream:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What's the quickest way to make it work? I'm fine with just ignoring the certificate correctness altogether, because this request is going to be made over the LAN.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
至少,您需要确保与 Trac 系统使用的私有证书(或签署该服务器证书的 CA 的证书)匹配的公共证书位于您的信任库中。 Java SSL 库要求存在一个到已知信任根的信任链(验证服务器证书的 DN 和请求的主机名之间的绑定是可选的,但强烈建议对于普通 HTTPS)。
At the very least, you need to make sure that the public certificate that matches the private certificate used by your Trac system (or the certificate of the CA that signed that server cert) is in your truststore. It's a requirement of the Java SSL libraries that there is a chain of trust to a known trust-root (verifying a binding between the DN of the server cert and the requested hostname is optional, though highly recommended for normal HTTPS).