自签名证书绕过不起作用

时间:2015-12-08 09:06:50

标签: java ssl apache-httpclient-4.x

CloseableHttpClient client = HttpClients.custom().setSSLHostnameVerifier(new NoopHostnameVerifier()).build();

给我一​​个错误:

[sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径

即。它没有按预期添加所有自签名证书..

我的HTTPClient版本是4.5.1 和HTTPCore是版本4.4.4

请不要使用SSLContextBuilder等弃用的方法给我一个解决方案

1 个答案:

答案 0 :(得分:3)

尝试使用此代码段:

import java.security.*;
import org.apache.http.conn.ssl.*;


try
{
  SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException
    {
      return true;
    }
  }).build();

  CloseableHttpClient client =HttpClients.custom().setSSLContext(sslContext).setSSLHostnameVerifier(new NoopHostnameVerifier())
                              .build();
 }
 catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e)
 {
   e.printStackTrace();
 }