如何解决 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching [英] How to solve javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateEx ception: No name matching
问题描述
我正在尝试使用 Java 通过 ssl 连接到我的一台服务器.我尝试了很多选择
I'm trying to connect to one of my servers through ssl, with Java. I tried a lot of options
String jwtUrl = "https://ABC.XYZ.COM:3333/api/auth";
String username = "ABC";
String password = "ABC";
String userCredentials = username + ":" + password;
String basicAuth = "Basic "
+ new String(org.apache.commons.codec.binary.Base64.encodeBase64(userCredentials.getBytes()));
HttpHeaders headers1 = new HttpHeaders();
headers1.set("Authorization", basicAuth);
HttpEntity httpEntity = new HttpEntity(headers1);
ResponseEntity<String> responseEntity = restTemplate1.exchange(jwtUrl, HttpMethod.GET, httpEntity,
String.class);
System.out.println("Response Body = " + responseEntity.getBody());
我收到此异常,
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateEx
ception: No name matching ABC.XYZ.COM found
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source
)
这种方式对我有用,用于测试目的
this way it works for me , for testing purpose
static {
disableSslVerification();
}
private static void disableSslVerification() {
try {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
// TODO Auto-generated method stub
}
} };
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
return false;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
如何以好的方式解决这个问题.我无法禁用 ssl 验证,还有哪些其他选项可用?我正在使用 spring Rest Template、tomcat 等我不想完全忽略证书检查.
How to solve this in good way. i cannot disable ssl verification, what are other options available ? I am using spring Rest Template ,tomcat etc I don't want to entirely ignores certificate checking.
推荐答案
确保证书在您的信任存储文件中.您的 JRE 的 trustStore 默认位于 JAVA_HOME/jre/lib/security 文件夹中,通常命名为cacerts".将您的服务器证书导入此文件并通过 javax.net.ssl.trustStore JVM 属性指定它.请参阅 javarevisited.blogspot.com/2012/03/... 了解更多详情
Make sure the certificate is in your trust store file. Your JRE's trustStore is by default in JAVA_HOME/jre/lib/security folder and commonly named as "cacerts". Import your server certificate to this file and specify it through javax.net.ssl.trustStore JVM property. Refer javarevisited.blogspot.com/2012/03/… for more details
这篇关于如何解决 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
