我在我的计算机上安装了一台Apache 2服务器。首先,我使用单向SSL配置它,并尝试从Android连接它。为了配置我自己的单向SSL Apache 2服务器,我必须创建服务器证书。我使用以下命令完成了它:
openssl genrsa -out server.key 2048
openssl req -config ./openssl.cnf -new -key server.key -out server.req
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer
然后,我获取了server.cer文件并使用java keytool将其转换为BKS。 Android的身份验证工作正常。 然后,我继续使用Apache 2服务器的双向SSL配置 并试图通过Android与它进行交流。我无法让它发挥作用...... 我使用以下命令创建客户端证书:
openssl req -config ./openssl.cnf-newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer
openssl genrsa -out client.key 2048
openssl req -config ./openssl.cnf -new -key client.key -out client.req
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
导入client.p12文件后,它可以在PC浏览器中运行。 对于Android我将client.p12文件转换为BKS格式(使用Portecle工具),但似乎无法正常工作。也许转换没有正确完成?!我总是得到javax.net.ssl.SSLPeerUnverifiedException:没有对等证书异常。有谁知道可能是什么问题? 这是Android代码:
public class SslTestActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
try {
// load truststore certificate
InputStream clientTruststoreIs = getResources().openRawResource(
R.raw.server);
KeyStore trustStore = KeyStore.getInstance("BKS");
trustStore.load(clientTruststoreIs, "mypassword".toCharArray());
System.out.println("---- Loaded server certificates: "
+ trustStore.size());
// load client certificate
InputStream keyStoreStream = getResources().openRawResource(
R.raw.clientt);
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(keyStoreStream, "password".toCharArray());
System.out
.println("-------Loaded client certificates: " + keyStore.size());
// initialize SSLSocketFactory to use the certificate
SSLSocketFactory socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS,
keyStore, "password", trustStore, null, null);
// Set basic data
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "UTF-8");
// Register http/s shemas!
SchemeRegistry schReg = new SchemeRegistry();
schReg.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
schReg.register(new Scheme("https", socketFactory, 443));
ClientConnectionManager conMgr = new ThreadSafeClientConnManager(
params, schReg);
DefaultHttpClient sClient = new DefaultHttpClient(conMgr, params);
try {
String res = executeHttpGet(sClient, "https://10.41.0.102/");
System.out.println("------- SSL RESULT IS = " + res);
} catch (Exception e) {
System.out.println("---- ex " + e.getMessage());
e.printStackTrace();
}
} catch (Exception e) {
System.out.println("------Exception " + e.getMessage());
e.printStackTrace();
}
}
public String executeHttpGet(DefaultHttpClient client, String url) throws Exception {
BufferedReader in = null;
try {
HttpGet request = new HttpGet();
request.setURI(new URI(url));
HttpResponse response = client.execute(request);
in = new BufferedReader(new InputStreamReader(response
.getEntity().getContent()));
StringBuffer sb = new StringBuffer("");
String line = "";
String NL = System.getProperty("line.separator");
while ((line = in.readLine()) != null) {
sb.append(line + NL);
}
in.close();
String result = sb.toString();
return result;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}}
谢谢
答案 0 :(得分:2)
您的代码似乎正确无误。以下是您可以尝试的一些事项:
从Android列出密钥存储区的内容,以确保存在正确的证书并且可以解析。
在服务器端打开SSL调试并检查日志