java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.NETWORK


Problem description

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.NETWORK

Hi, I got this error while I am calling one API service from Retrofit. I am searching a lot and found an answer like:

private static void setupRestClient() {
    RestAdapter restAdapter = new RestAdapter.Builder()
            .setLogLevel(RestAdapter.LogLevel.FULL)
            .setEndpoint(ROOT)
            //.setClient(new OkClient(new com.squareup.okhttp.OkHttpClient()))
            //.setClient(getOkClient())
            .setClient(setSSLFactoryForClient(new com.squareup.okhttp.OkHttpClient()))
            .setRequestInterceptor(new SessionRequestInterceptor())
            .setLogLevel(RestAdapter.LogLevel.FULL)
            .setLog(new AndroidLog(NetworkUtil.APP_TAG))
            .build();

    REST_CLIENT = restAdapter.create(Restapi.class);
}

// SET SSL
public static OkClient setSSLFactoryForClient(OkHttpClient client) {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }
        };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();


        client.setSslSocketFactory(sslSocketFactory);
        client.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return new OkClient(client);
}

After using the setSSLFactoryForClient method it works fine, but I couldn't understand what's going wrong and what this method does. I know the problem is related to SSL certificate authentication, but can anyone explain this to me in brief, please?

Recommended answer

This is disabling the security of SSL. This is OK for local testing but not appropriate for use with real users.

If you run your local dev server with a self-signed cert then this is how you can tell it to connect to it with minimal pain.

More generally, any user agent (Firefox on Windows, Safari on Mac, Android) will have a list of root CAs it trusts to verify a site's certificates. Some newer services like Let's Encrypt will not be trusted on older platforms, so you can add your own certificates that you know ahead of time.

The hostname verification means that the cert it serves could be for a different site even.

For real traffic this code means your users are susceptible to man-in-the-middle attacks.
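
Added example (not part of the original question or answer): one way to "add your own certificates that you know ahead of time" without turning validation off is to build the socket factory from a trust store that holds only the known CA or self-signed certificate. The class name PinnedCaSocketFactory and the resource name dev_ca are hypothetical; only standard java.security and javax.net.ssl calls are used, and chain validation and hostname verification stay enabled.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: trusts only the certificate(s) supplied by the caller.
public final class PinnedCaSocketFactory {
    private PinnedCaSocketFactory() {}

    /**
     * caInput: PEM or DER encoded CA (or self-signed server) certificate(s).
     * The returned factory rejects any chain that does not lead to one of them.
     */
    public static SSLSocketFactory fromCa(InputStream caInput) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Empty in-memory trust store; the platform's root CAs are NOT included.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        int count = 0;
        for (Certificate ca : cf.generateCertificates(caInput)) {
            trustStore.setCertificateEntry("ca-" + count++, ca);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificate found in input");
        }

        // Default (PKIX) trust managers backed by that store: real chain validation.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}

// Usage with the OkHttpClient from the question (R.raw.dev_ca is a hypothetical resource):
//   InputStream in = context.getResources().openRawResource(R.raw.dev_ca);
//   client.setSslSocketFactory(PinnedCaSocketFactory.fromCa(in));
//   // No setHostnameVerifier call: the default verifier keeps checking the host name.
```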
