Question

我正在尝试使用Java通过ssl连接到我的一台服务器。我尝试了很多选择

String jwtUrl = "https://ABC.XYZ.COM:3333/api/auth";
String username = "ABC";
String password = "ABC";


String userCredentials = username + ":" + password;
String basicAuth = "Basic "
+ new String(org.apache.commons.codec.binary.Base64.encodeBase64(userCredentials.getBytes()));

HttpHeaders headers1 = new HttpHeaders();
headers1.set("Authorization", basicAuth);
HttpEntity httpEntity = new HttpEntity(headers1);
ResponseEntity<String> responseEntity = restTemplate1.exchange(jwtUrl, HttpMethod.GET, httpEntity,
String.class);

System.out.println("Response Body = " + responseEntity.getBody());

我得到了这个例外，

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateEx
ception: No name matching ABC.XYZ.COM found
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source
)

这种方式适用于我，用于测试目的

static {
        disableSslVerification();
}

private static void disableSslVerification() {
        try {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // TODO Auto-generated method stub

                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // TODO Auto-generated method stub

                }
            } };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {

                @Override
                public boolean verify(String hostname, SSLSession session) {
                    // TODO Auto-generated method stub
                    return false;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

如何以良好的方式解决这个问题。我无法禁用ssl验证，还有哪些其他选项？我正在使用spring rest Template，tomcat等我不想完全忽略证书检查。

Answer 1

确保证书位于您的信任库文件中。您的JRE的trustStore默认位于JAVA_HOME / jre / lib / security文件夹中，通常命名为＆＃34; cacerts＆＃34;。将服务器证书导入此文件，并通过javax.net.ssl.trustStore JVM属性指定它。有关详细信息，请参阅javarevisited.blogspot.com/2012/03/...

如何解决javax.net.ssl.SSLHandshakeException：java.security.cert.CertificateEx ception：没有名称匹配

1 个答案: