使用KeyStore的HttpsUrlConnection而不是使用WebSphere Liberty Profile的TrustStore [英] HttpsUrlConnection using KeyStore instead of TrustStore with WebSphere Liberty Profile
问题描述
我们在WebSphere Liberty Profile中的WebSphere TAI中使用HttpsUrlConnection来连接到安全服务器。我遇到了很多SSL证书错误的问题,直到我发现它在WLP密钥库中寻找签名者证书,而不是WLP信任库或JVM信任库。代码设置中没有任何内容,它必须是默认值。但我很困惑,因为当我们在其他代码中使用HTTP客户端时,它使用JVM的信任库。
We are using HttpsUrlConnection in a WebSphere TAI in WebSphere Liberty Profile to connect to a security server. I had a lot of problems with SSL cert errors, until I discovered that it is looking for signer certs in the WLP keystore, not the WLP truststore or JVM truststore. There is nothing in the code setting this, it must be a default. But I am confused, because when we use an HTTP client in other code, it uses the JVM's truststore.
如何使HttpsUrlConnection使用WLP或JVM信任库,而不是密钥库?
How can I make the HttpsUrlConnection use the WLP or JVM truststore, and not the keystore?
推荐答案
您可以按如下所示加载信任存储,并将其设置为SSLContext,可以设置为HttpsUrlConnection。由于这是我使用默认值的示例,您应该使用适当的算法,协议和信任库类型替换它们。
You can load your trust store as below and set it to SSLContext which can be set into HttpsUrlConnection. As this is an example I used defaults, you should replace them with appropriate algorithms, protocol and truststore type.
try (FileInputStream truststoreFile = new FileInputStream("path/to/your/truststore.jks")) {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
char[] trustorePassword = "<truststorePassword".toCharArray();
truststore.load(truststoreFile, trustorePassword);
trustManagerFactory.init(truststore);
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
KeyManager[] keyManagers = {};//if you have key managers;
sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());
URL httpsUrl = new URL("<your https url>");
URLConnection urlConnection = httpsUrl.openConnection();
} catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
//handle exception
} catch (KeyManagementException e) {
//handle exception
}
这篇关于使用KeyStore的HttpsUrlConnection而不是使用WebSphere Liberty Profile的TrustStore的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!