Creating an SSL connection in Java

Posted on 2024-11-16 13:20:58

I looked around and did not see any questions that fully answered what I wanted, though if this is a duplicate, point me to the question and I will be on my way.

Right now I am trying to write a Java server that will receive data from an SSLServerSocket and for now, just print it out. I would eventually like to have this data come from an Android, but right now it throws an SSLException before it even starts listening for data.

code:

System.setProperty("javax.net.ssl.keyStore","C:\\ProgramFiles\\jre6\\bin\\server.jks");
System.setProperty("javax.net.ssl.keyStorePassword","password");
SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
ServerSocket ss = factory.createServerSocket(6543);
Socket s = ss.accept();

There is more code after that to process it, but it gets hung up and throws the exception there, so I'm not sure posting it will help any, but if it will, just comment for it.

I created the certificate following a tutorial for openssl on Ubuntu and transferred it over and created my keystore using:

keytool -import -file "C:\Documents and Settings\matt\Desktop\server.crt" -keystore server.jks

I can easily admit that I don't fully understand how a large portion of this works, so any help would be appreciated. Also, I suppose I am going to leave it outside the scope of this question because I feel like this is a pretty big question on its own, but I would also like some insight as to how to connect the client if possible. Sorry for all the trouble and thanks ahead of time for all the help.

EDIT:

the tutorial I followed is here:
http://www.akadia.com/services/ssh_test_certificate.html

Thanks again!

EDIT:

The Exception being thrown is:

javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled

I tried to Google the exception and most everything was a tutorial describing how to create a keystore (which I am under the impression that I already have). I will continue to sift through these search results.

Thanks!


樱&纷飞 2024-11-23 13:20:58

When you create a keystore like this, you only put a certificate in your keystore:

keytool -import -file "server.crt" -keystore server.jks

What you need is to have a private key + a certificate.

Either you import them from somewhere else if you already have a certificate issued by a Certification Authority, or you can create a self-signed certificate if it's for limited use.

If the certificate you've created with OpenSSL is self-signed (or from a mini CA for your own use, e.g. with CA.pl), it's probably not worth the trouble of doing the conversion. You might as well generate a self-signed certificate directly with keytool. See the "Generating Your Key Pair" example in the official keytool documentation:

keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
     -alias business -keypass kpi135 -keystore /working/mykeystore
     -storepass ab987c -validity 180

Make sure you use cn=your.fqdn.host.name (or cn=localhost if it's for local tests only). (I think keytool provided with Java 7 also has support for subject alternative names, which would be better.)

If you already have a private key + certificate you want to re-use in PKCS#12 format (usually .p12 file), you can import it using the method described in this question.

If what you've produced with OpenSSL is in PEM format, it might be easier to bundle them in a PKCS#12 file with OpenSSL and then import them as above. This can be done with this:

openssl pkcs12 -export -in cert.pem -inkey key.pem -out creds.p12
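
The diagnosis in the answer above can be checked directly against a keystore. The following is an added example, not part of the original answer: it lists the type of each keystore entry and, only if an entry with a private key exists, builds an SSLContext from that keystore and opens the server socket. The class name KeystoreCheck and the command-line arguments are assumptions; port 6543 is the one from the question, and the code assumes Java 7 or later and a key password equal to the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical diagnostic class (added example, not from the original page).
public class KeystoreCheck {
    // Prints the type of every entry and returns how many hold a key.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keyEntries++;
                System.out.println(alias + ": key entry (key + certificate chain)");
            } else if (ks.isCertificateEntry(alias)) {
                System.out.println(alias + ": trusted certificate only, no private key");
            }
        }
        return keyEntries;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreCheck <keystore> <password>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // A keystore made with "keytool -import" of a .crt has zero key entries.
        if (countKeyEntries(ks) == 0) {
            System.err.println("No private key in keystore: nothing to present in the handshake.");
            System.exit(1);
        }
        // Build the context from this keystore explicitly instead of system properties.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumption: key password == store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(6543)) {
            System.out.println("TLS server socket bound on port " + ss.getLocalPort());
        }
    }
}
```

Run against the keystore from the question, this reports a single certificate-only entry and exits before binding the socket; after importing the PKCS#12 bundle or generating a key pair with keytool, it reports a key entry and binds the port.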