是否有可能让Java忽略“信任存储”？并且只接受它获得的任何SSL证书？ [英] Is it possible to get Java to ignore the "trust store" and just accept whatever SSL certificate it gets?

问题描述

我正在尝试编写一个使用javax.mail API发送邮件的SSL客户端。我遇到的问题是服务器请求我使用SSL，但服务器也配置了非标准的SSL证书。我发现的网页说我需要将证书安装到信任库中。我不想那样做（我没有必要的权限。）

I am trying to write an SSL client that sends mail using the javax.mail API. The problem I am having is that the server request that I use SSL, but the server is also configured with a non-standard SSL certificate. The web pages I have found say that I need to install the certificate into the trust store. I don't want to do that (I don't have the necessary permissions.)

1. 有没有办法让Java变成公正的忽略证书错误并接受它？


2. 如果失败了，有没有办法让信任存储对我的程序来说是本地的，而不是为整个JVM安装？

推荐答案

您需要创建一个接受所有证书的假TrustManager，并将其注册为经理。这样的事情：

You need to create a fake TrustManager that accepts all certificates, and register it as a manager. Something like this:

public class MyManager implements com.sun.net.ssl.X509TrustManager {
  public boolean isClientTrusted(X509Certificate[] chain) { return true; }
  public boolean isHostTrusted(X509Certificate[] chain) { return true; }
  ...
}


com.sun.net.ssl.TrustManager[] managers =
  new com.sun.net.ssl.TrustManager[] {new MyManager()};

com.sun.net.ssl.SSLContext.getInstance("SSL").
       .init(null, managers, new SecureRandom());

这篇关于是否有可能让Java忽略“信任存储”？并且只接受它获得的任何SSL证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！