在Java中禁用SSL证书验证 [英] Disable SSL certificate validation in Java

问题描述

如何在Java 8中禁用证书验证.我正在尝试使用https连接到其他服务器，但是我一直收到此错误:

How can I disable certificate validation in java 8. I am trying to use https to connect to an other server but I keep getting this error:

Exception while providing content: [Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
[Thread[RMI TCP Connection(8)-192.168.56.1,5,RMI Runtime], 1549283885696] de.innovas.iaf.base_common.exceptions.NonRecoverableException: CT_0001_0[javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.sun.istack.SAXException2: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy511.generatePdf(Unknown Source)

我试图通过使用-Dcom.sun.net.ssl.checkRevocation=false来修复它，我在此处找到了它. 我还尝试使用Java Keytool将自己的证书添加到池中.两种想法都没有改变.问题可能是我使用openssl生成了自己的证书.任何导致我出错的人都无法签名.

I tried to fix it by using -Dcom.sun.net.ssl.checkRevocation=false which i found here. I also tried adding my own certificate to the pool using Java Keytool. Both ideas didn't change anything. The problem might be that I generated my own certificate with openssl. That cant be signed by anyone which my result in the error.

如果我仅出于测试目的而仅禁用SSL检查，那就太好了.在生产场景中，我将拥有签名证书.

It would be nice if I could simply disable SSL checks for testing purposes only. In a production scenario I will have a signed certificate.

推荐答案

不建议禁用证书验证，除非仅用于测试目的.首先如何调用服务?

It is not advised to disable certificate validation unless it is only for testing purposes. How are you invoking the service in the first place?

如果您使用的是Apache HttpClient:

SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
    new X509TrustManager() {
       public X509Certificate[] getAcceptedIssuers() {
           return new X509Certificate[0];
       }
       public void checkClientTrusted(X509Certificate[] certificate, String str) {}
       public void checkServerTrusted(X509Certificate[] certificate, String str) {}
    }
};
context.init(null, trustManager, new SecureRandom());

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context,
        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

HttpClient client = HttpClientBuilder.create().setSSLSocketFactory(socketFactory).build();

如果您使用的是HttpsURLConnection:

SSLContext context = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManager = new TrustManager[] {
    new X509TrustManager() {
       public X509Certificate[] getAcceptedIssuers() {
           return new X509Certificate[0];
       }
       public void checkClientTrusted(X509Certificate[] certificate, String str) {}
       public void checkServerTrusted(X509Certificate[] certificate, String str) {}
    }
};
context.init(null, trustManager, new SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());

这篇关于在Java中禁用SSL证书验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！