“对等端未通过身份验证" SSL证书错误，使用DefaultHttpClient [英] 'peer not authenticated' SSL certificate error usng DefaultHttpClient

问题描述

我有一个应用程序jar，可以使用DefaultHTTPClient类对象从其中调用 HTTPS URL，但是它提供了 peer not authenticate exception ，所以我想使用密钥库对jar进行签名

I have an application jar from which I m calling an HTTPS url using DefaultHTTPClient class object but its giving peer not authenticate exception, so I want to sign jar using keystore.

我有一个带有公共密钥的.cer文件，可以导入密钥库，但是当我使用jarsigner工具时，它说未找到证书链.您必须具有私有密钥并关联公共密钥.

I have .cer file which has public key and I can able to import into keystore but when I use jarsigner tool it says certificate chain not found.you must have private key and associate public key.

我也有.pfx文件，它应该是私钥，但我不知道如何导入.任何人都可以告诉我如何导入.pfx文件并在jarsigner中使用的步骤.

I have .pfx file also which is suppose to an private key but I don't know how to import it.can any one able to tell me the steps how to import .pfx file and use in jarsigner.

如果我在某个地方弄错了，请纠正我.

Correct me if I m wrong somewhere..

更新

根据@Duncan，我可以通过引用此链接..我用下面的命令将.cer导入cacerts

As per @Duncan I am able to import .cer file in JVM by referring This Link.. I used bellowed command to import .cer into cacerts

c:\Program Files\Java\jre7\bin>keytool -importcert -alias esbcert -file "e:\Desktop\esbcert\esb.cer" -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit

c:\Program Files\Java\jre7\bin>keytool -importcert -alias esbcert -file "e:\Desktop\esbcert\esb.cer" -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit

此后，我输入"y"以信任证书

After this I entered 'y' to trust the certificate

Trust this certificate? [no]: y Certificate was added to keystore

Trust this certificate? [no]: y Certificate was added to keystore

此后，我运行我的应用程序，但它仍然给我javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

After that I Run my application but it still gives me javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

堆栈如下:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.jav
a:126)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFact
ory.java:572)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnect
ion(DefaultClientConnectionOperator.java:180)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedCli
entConnectionImpl.java:294)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(Default
RequestDirector.java:645)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultReq
uestDirector.java:480)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpCl
ient.java:906)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpCl
ient.java:805)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpCl
ient.java:784)
        at testhttps.TestHTTPS.testWithMKCLHTTPClient(TestHTTPS.java:95)
        at testhttps.TestHTTPS.main(TestHTTPS.java:49)

我的代码是:

String url = "https://domain.org/webapp/transformer/doTransformer/doReg";
try {


    HttpPost postRequest = new HttpPost(url);       
    HttpResponse httpResponse = null;

    DefaultHttpClient httpClient = new DefaultHttpClient();     
    httpResponse = httpClient.execute(postRequest);             
} catch (Exception e) {         
    e.printStackTrace();
}

推荐答案

此异常表明与服务器URL的连接不是来自经过身份验证的客户端.要解决此问题，我们必须在Java应用程序正在其上导入证书的jre中导入服务器的公共证书，请按照以下步骤操作:

This exceptions tell that connection made to server URL is not from authenticated client. To resolve this issue we have to import server's public certificate in jre on which java application is runnering to import certificate follow these steps:

按照@Duncan(评论)，我可以通过引用

As per @Duncan (comment) I am able to import .cer file in JVM by referring This Link.. I used bellowed command to import .cer into cacerts

c:\ Program Files \ Java \ jre7 \ bin> keytool -importcert -alias esbcert -file"e:\ Desktop \ esbcert \ esb.cer" -keystore"c:\ Program Files \ Java \ jre7 \ lib \ security \ cacerts" -storepass changeit

c:\Program Files\Java\jre7\bin>keytool -importcert -alias esbcert -file "e:\Desktop\esbcert\esb.cer" -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit

此后，我输入"y"以信任证书

After this I entered 'y' to trust the certificate

信任此证书吗? [否]:y 证书已添加到密钥库中

Trust this certificate? [no]: y Certificate was added to keystore

这篇关于“对等端未通过身份验证" SSL证书错误，使用DefaultHttpClient的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！