java - 在 Java 中禁用 SSL 证书验证
问题描述
如何在 java 8 中禁用证书验证。我正在尝试使用 https 连接到其他服务器,但我不断收到此错误:
Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)
我试图通过使用-Dcom.sun.net.ssl.checkRevocation=false
我在这里找到的来修复它。我还尝试使用 Java Keytool 将自己的证书添加到池中。两种想法都没有改变任何东西。问题可能是我使用 openssl 生成了自己的证书。那不能由我导致错误的任何人签名。
如果我可以仅出于测试目的而禁用 SSL 检查,那就太好了。在生产场景中,我将拥有一个签名证书。
解决方案
除非仅用于测试目的,否则不建议禁用证书验证。您如何首先调用该服务?
如果您使用的是 Apache HttpClient:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();
如果您使用 HttpsURLConnection:
SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certificate, String str) {}
public void checkServerTrusted(X509Certificate[] certificate, String str) {}
}
};
context.init(null, trustManager, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
推荐阅读
- php - php 7.2.19 上的 Laravel Tinker
- maven - Azure DevOps - 如何在 pom 文件的构建 finalName 中引用管道变量?
- lua - Roblox Studio Lua 的“无限产量可能”有问题
- javascript - 如何根据 React 中另一个组件的更改来更新组件
- flutter - 加载图像后如何更新总数?
- opengl - 是否可以将几何传递给几何着色器?
- postgresql - postgres - 将分区表的一部分作为独立表移动到新数据库
- java - 在Java中,如何将数组作为参数直接传递给函数?
- flutter - 通过蓝牙在 Dart/Flutter 上使用 ModBus?
- amazon-web-services - 如何在 yml 中正确使用 CloudFormation 的内在函数