如何使用Keytool验证证书? [英] How to verify a certificate using Keytool?

问题描述

我想要一个程序来验证是否使用Oracle的SSLSocket类创建SSL套接字.在我的程序中，我希望客户端通过其证书(使用Keytool创建).服务器应验证证书，然后继续进行通信.我希望服务器检查连接到它的每个客户端的证书.假设所有密钥(服务器和客户端)都存储在Keystore中.我该如何实现?

I want to a program to verify to create a SSL Sockets using Oracle's SSLSocket class. In my program I want the client to pass its certificate (created using Keytool). The Server should verify the certificate and then proceed with communication. I want the server to check the certificate of each client that connects to it. Suppose that all the key's (server's and client's) are stored in the Keystore. How do I implement this?

如果我不能正确传达我的问题，请原谅我.我是新来的.我正在阅读此链接以获取一些说明.在这里，在读取密钥库时，服务器已直接对客户端的密钥文件名(即"client.public")进行硬编码.但是，在我的程序中，这将由客户端指定，因为服务器无法预先知道客户端的公钥文件名.

Forgive me if I am not able to convey my question correctly. I am new to this. I'm reading this link to get some directions. Here, while reading the keystores the server has directly hard-coded the client's key file name (viz "client.public"). However, in my program this will be specified by the client as the server can't know beforehand what the client's public key file name would be.

推荐答案

您已经完全描述了幕后已经发生的事情.您所要做的就是创建一个SSLServerSocket并将needClientAuth设置为true，然后像往常一样开始接受来自它的连接.剩下的由JSSE完成.

You've just described exactly what already happens behind the scenes. All you have to do is create an SSLServerSocket and set needClientAuth to true, and start accepting connections from it as usual. JSSE will do the rest.

这篇关于如何使用Keytool验证证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！