使用KeyStore的HttpsUrlConnection而不是使用WebSphere Liberty Profile的TrustStore [英] HttpsUrlConnection using KeyStore instead of TrustStore with WebSphere Liberty Profile

问题描述

我们在WebSphere Liberty Profile中的WebSphere TAI中使用HttpsUrlConnection来连接到安全服务器。我遇到了很多SSL证书错误的问题，直到我发现它在WLP密钥库中寻找签名者证书，而不是WLP信任库或JVM信任库。代码设置中没有任何内容，它必须是默认值。但我很困惑，因为当我们在其他代码中使用HTTP客户端时，它使用JVM的信任库。

We are using HttpsUrlConnection in a WebSphere TAI in WebSphere Liberty Profile to connect to a security server. I had a lot of problems with SSL cert errors, until I discovered that it is looking for signer certs in the WLP keystore, not the WLP truststore or JVM truststore. There is nothing in the code setting this, it must be a default. But I am confused, because when we use an HTTP client in other code, it uses the JVM's truststore.

如何使HttpsUrlConnection使用WLP或JVM信任库，而不是密钥库？

How can I make the HttpsUrlConnection use the WLP or JVM truststore, and not the keystore?

推荐答案

您可以按如下所示加载信任存储，并将其设置为SSLContext，可以设置为HttpsUrlConnection。由于这是我使用默认值的示例，您应该使用适当的算法，协议和信任库类型替换它们。

You can load your trust store as below and set it to SSLContext which can be set into HttpsUrlConnection. As this is an example I used defaults, you should replace them with appropriate algorithms, protocol and truststore type.

        try (FileInputStream truststoreFile = new FileInputStream("path/to/your/truststore.jks")) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
            char[] trustorePassword = "<truststorePassword".toCharArray();
            truststore.load(truststoreFile, trustorePassword);
            trustManagerFactory.init(truststore);
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            KeyManager[] keyManagers = {};//if you have key managers;

            sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());

            URL httpsUrl = new URL("<your https url>");
            URLConnection urlConnection = httpsUrl.openConnection();

        } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
            //handle exception
        } catch (KeyManagementException e) {
           //handle exception
        }

这篇关于使用KeyStore的HttpsUrlConnection而不是使用WebSphere Liberty Profile的TrustStore的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！