使用SSL证书错误Java连接HTTPS

时间:2016-11-14 13:05:07

标签: java ssl https certificate

我在使用Java连接SSL时遇到问题。

我使用java 1.7.80和S.O. :ubuntu 14.04

我的问题是证书,甚至是证书。我有四个必须使用pkcs12格式连接的元素。

testservizi.fattura.it.cer - >标识远程服务器的证书

SDI-11036210158 - >证书客户

CAEntratetest.cer - >证书CA

private.key - >私钥

1)步骤 - 将文件cer转换为文件pem 

$ openssl x509 -in CAEntratetest.cer -outform PEM -out CAEntratetest.pem
$ openssl x509 -in SDI-11036210158.cer -inform DER -out SDI-11036210158.pem -outform PEM
$ openssl x509 -in testservizi.fatturapa.it.cer -inform DER -out testservizi.fatturapa.it.pem -outform PEM

2)步骤 - 联合用于创建链证书的pem文件

$ cat CAEntratetest.pem SDI-11036210158.pem testservizi.fatturapa.it.pem > sum_cert.pem

3)步骤 - 创建p12文件

$ openssl pkcs12 -export -in sum_cert.pem -inkey private.key -out sogei_auth.p12 -name sogei_auth

确定。我的第一个测试是在浏览器(Mozilla Firefox)中导入p12文件以验证操作。 导入成功,此时我输入网址

https://testservizi.fatturapa.it/ricevi_file

他回答说:

  

您好!这是一个Axis2 Web服务!

..完美的作品!!

现在我必须使用java并创建一个测试客户端

import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class TestHTTPSClient {

    public static void main(String[] args) throws Exception {
        SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File("C:/testSSL/sogei_auth.p12"), "changeit".toCharArray()).build();
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
        CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        try {
            HttpGet httpget = new HttpGet("https://testservizi.fatturapa.it/ricevi_file");
            System.out.println("executing request " + httpget.getRequestLine());
            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                HttpEntity entity = response.getEntity();
                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }
}

2)更改 java.security 中的格式密钥库,否则无法读取文件p12

keystore.type=jks

改为

keystore.type=pkcs12

3)在java中开始测试,我回答错误

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
..
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 26 more
你可以帮助我......

1 个答案:

答案 0 :(得分:0)

如果不需要运行时认证,您可以存储在jre cacerts文件中以永久解决此问题!检查this答案,以便将证书安装到cacerts ......

并从您的来源中删除所有与认证相关的代码!请说明您是否只想手动执行此运行时。

相关问题
最新问题