在Java中禁用SSL证书验证

时间:2019-02-04 12:52:50

标签: java ssl https

如何在Java 8中禁用证书验证。我正在尝试使用https连接到其他服务器,但是我一直收到此错误:

Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)

我尝试使用发现的here-Dcom.sun.net.ssl.checkRevocation=false来修复它。 我还尝试使用Java Keytool将自己的证书添加到池中。两种想法都没有改变。问题可能是我使用openssl生成了自己的证书。任何导致我出错的人都无法签名。

如果我仅出于测试目的而仅禁用SSL检查,那就太好了。在生产场景中,我将拥有签名证书。

1 个答案:

答案 0 :(得分:1)

不建议禁用证书验证,除非仅用于测试目的。首先如何调用服务?

如果您使用的是Apache HttpCleint:

SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
    new X509TrustManager() {
       public X509Certificate[] getAcceptedIssuers() {
           return new X509Certificate[0];
       }
       public void checkClientTrusted(X509Certificate[] certificate, String str) {}
       public void checkServerTrusted(X509Certificate[] certificate, String str) {}
    }
};
context.init(null, trustManager, new SecureRandom());

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();

如果您使用的是HttpsURLConnection:

SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
    new X509TrustManager() {
       public X509Certificate[] getAcceptedIssuers() {
           return new X509Certificate[0];
       }
       public void checkClientTrusted(X509Certificate[] certificate, String str) {}
       public void checkServerTrusted(X509Certificate[] certificate, String str) {}
    }
};
context.init(null, trustManager, new SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());