我的客户端在与具有过期证书的https服务器通信时失败并出现以下错误。虽然我们正在等待通过续订来修复服务器端,但我想知道我们是否可以通过将过期的证书添加到我们自己的信任存储来传递此错误?这样我们就可以在等待续订证书的同时获得一些测试时间。
US has an end date Thu Sep 08 19:59:59 EDT 2011 which is no longer valid.
[4/17/13 19:22:55:618 EDT] 00000021 SystemOut O WebContainer : 0, SEND TLSv1 ALERT: fatal, description = certificate_unknown
[4/17/13 19:22:55:620 EDT] 00000021 SystemOut O WebContainer : 0, WRITE: TLSv1 Alert, length = 2
[4/17/13 19:22:55:620 EDT] 00000021 SystemOut O WebContainer : 0, called closeSocket()
[4/17/13 19:22:55:620 EDT] 00000021 SystemOut O WebContainer : 0, handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Thawte SSL CA, O="Thawte, Inc.", C=US is not trusted; internal cause is:
答案 0 :(得分:1)
使用以下代码信任所有证书。 注意:请勿在制作中使用
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(new KeyManager[0], new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} }, new SecureRandom());
SSLContext.setDefault(ctx);
} catch (Exception e) {
throw new RuntimeException(e);
}