将cacert卷曲到Java HttpClient等效项 [英] Curl cacert to Java HttpClient equivalent

问题描述

我想知道我是否能够使用curl像下面的命令那样建立连接，

I wonder if I am able to make a connection using curl like the following command,

curl --cacert some.pem https://someurl.com/resource

如何将其转换为httpclient代码?我知道我需要转换pem文件并创建一个新的密钥库，等等.但是所有这些openssl，keytool命令，密钥库，信任库使我感到困惑，我不知道要使用哪个命令和顺序.

How do I convert this to httpclient code? I understands I need to convert the pem file and create a new keystore, etc. But all these openssl, keytool commands, keystore, truststore confuses me, I don't know which one to use and in which order.

推荐答案

您需要根据PEM文件创建一个密钥库(将用作信任库).可以按照以下步骤进行.

You need to create a keystore (which you'll use as a trust store) from the PEM file. This can be done as follows.

keytool -import -file cacert.pem -alias myca -keystore truststore.jks

然后，您需要将此密钥库用作信任库.

You then need to use this keystore as a truststore.

如果您只想为特定的连接执行此操作，则应遵循此答案.

If you wish to do this for a specific connection only, you should follow this answer.

如果要对应用程序中的所有连接(或至少不更改默认连接的连接)执行此操作，则可以使用javax.net.ssl.trustStore(及相关的)系统属性(请参见).如果要对整个应用程序执行此操作，则问题在于将不包括默认的受信任CA.解决此问题的一种简单方法是制作与JRE捆绑在一起的cacerts文件的副本，并将其用作truststore.jks的起点.

If you want to do this for all connections in your application (or at least those that don't change the default), you can use the javax.net.ssl.trustStore (and related) system properties (see the Customization section of the JSSE Reference Guide). The problem if you want to do this for your entire application is that default trusted CAs won't be included. An easy way around this is to make a copy of the cacerts file bundled with your JRE and use it as a starting point for truststore.jks.

或者，您可以将证书直接导入到全局cacerts文件中，但这将默认使该JRE上运行的所有应用程序都信任该证书.

Alternatively, you can import the certificate directly into the global cacerts file, but this will make that certificate trusted by default on all applications running on this JRE.

(您还可以在此答案中找到有关密钥库和信任库的更多信息.)

(You can also find more about the distinction between keystore and truststore in this answer.)

这篇关于将cacert卷曲到Java HttpClient等效项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！