我想与SSL / TLSv1.2建立HTTPS连接。 我装了几件东西。
X509Certificate rootCertificate = ...;
X509Certificate intermediateCertificate = ...;
X509Certificate myPublicCertificate = ...;
KeyStore myPrivateKey = ...;
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(myPrivateKey, "password");
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
SSLSocketFactory socketFactory = context.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
URL url = new URL(urlPath);
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
现在我必须连接到不同的服务器。
与Server1的连接(正常工作)
Server1具有 rootCertificate 以及 intermediateCertificate 作为证书颁发机构。可以建立联系。
与Server2的连接(不起作用) Server2仅配置 rootCertificate 作为证书颁发机构。但 MyPrivateKey 是使用Server2不知道的 intermediateCertificate 签名的。在SSL握手期间,会发生以下日志:
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
如何配置它知道的连接 MyPrivateKey 以及 intermediateCertificate 。它甚至可能吗?