忽略Apache HttpClient 4.3中的SSL证书 [英] Ignoring SSL certificate in Apache HttpClient 4.3

问题描述

如何忽略 Apache HttpClient 4.3 <的SSL证书（全部信任） / a>？

How to ignore SSL certificate (trust all) for Apache HttpClient 4.3?

我在SO上找到的所有答案都会处理以前的版本，并且API已更改。

All the answers that I have found on SO treat previous versions, and the API changed.

相关：

• 如何忽略Apache HttpClient 4.0中的SSL证书错误


• 如何使用Apache HttpClient处理无效的SSL证书？


• 需要信任所有证书。使用Spring进行开发


• 用Java忽略SSL证书错误

• How to ignore SSL certificate errors in Apache HttpClient 4.0
• How to handle invalid SSL certificates with Apache HttpClient?
• Need to trust all the certificates during the development using Spring
• Ignore SSL Certificate Errors with Java

编辑：

• 仅用于测试目的。孩子们，不要在家里（或在制作中）尝试。

推荐答案

下面的代码适用于信任自签名证书。您必须使用 TrustSelfSignedStrategy 创建客户端时：

The code below works for trusting self-signed certificates. You have to use the TrustSelfSignedStrategy when creating your client:

    SSLContextBuilder builder = new SSLContextBuilder();
    builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            builder.build());
    CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(
            sslsf).build();

    HttpGet httpGet = new HttpGet("https://some-server");
    CloseableHttpResponse response = httpclient.execute(httpGet);
    try {
        System.out.println(response.getStatusLine());
        HttpEntity entity = response.getEntity();
        EntityUtils.consume(entity);
    }
    finally {
        response.close();
    }

我没有包含 SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER 故意：重点是允许使用自签名证书进行测试，这样您就不必从证书颁发机构获得适当的证书。您可以使用正确的主机名轻松创建自签名证书，这样做而不是添加 SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER 标志。

I did not include the SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER on purpose: The point was to allow testing with self signed certificates so you don't have to acquire a proper certificate from a certification authority. You can easily create a self-signed certificate with the correct host name, so do that instead of adding the SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER flag.

这篇关于忽略Apache HttpClient 4.3中的SSL证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！