我尝试使用以下apache示例代码连接到https://www.google.com:
/**
* This example demonstrates how to create secure connections with a custom SSL
* context.
* http://www.apache.org/licenses/LICENSE-2.0
*/
public class ClientCustomSSL {
public final static void main(String[] args) throws Exception {
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
FileInputStream instream = new FileInputStream(new File(
"my.keystore"));
try {
trustStore.load(instream, "123456".toCharArray());
} finally {
try {
instream.close();
} catch (Exception ignore) {
}
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", 443, socketFactory);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
HttpGet httpget = new HttpGet("https://www.google.com");
System.out.println("executing request" + httpget.getRequestLine());
HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: "
+ entity.getContentLength());
}
EntityUtils.consume(entity);
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
}
}
我收到此错误消息:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at ClientCustomSSL.main(ClientCustomSSL.java:71)
-keytool -list显示以下内容:
Keystore-Typ: JKS
Keystore-Provider: SUN
Keystore enthält 3 Einträge
low, 19.03.2012, trustedCertEntry,
Zertifikat-Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
root, 19.03.2012, trustedCertEntry,
Zertifikat-Fingerprint (SHA1): C1:95:6D:C8:A7:DF:B2:A5:A5:69:34:DA:09:77:8E:3A:11:02:33:58
mid, 19.03.2012, trustedCertEntry,
Zertifikat-Fingerprint (SHA1): EC:07:10:03:D8:F5:A3:7F:42:C4:55:7F:65:6A:AE:86:65:FA:4B:02
我在浏览器中保存了所有3个证书(google.com和更高版本),方法是点击地址栏>文件并使用keytool -import -trustcacerts -alias xx -file xxxx.cer
将其导入我做错了什么? 提前谢谢