Server cert and Client Truststore


Problem description


I am trying to call a webservice using SSL. How do I get the relevant server cert so that I can import it into my truststore? I know about the use of property com.ibm.ssl.enableSignerExchangePrompt from a main method, but I would add the server cert to my truststore manually.

I don't want this property set in any of my servlets.

Any help is greatly appreciated. Thanks, Damien

Solution

You can programmatically do this with Java by implementing your own X509TrustManager.


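import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

// Trust manager that accepts every certificate chain without validating it
public class dummyTrustManager implements X509TrustManager {

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // do nothing
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // do nothing
    }

    public X509Certificate[] getAcceptedIssuers() {
        // just return an empty issuer list
        return new X509Certificate[0];
    }
}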

Then you can use this trust manager to create an SSL socket


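import java.net.InetAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

// host_ and port_ identify the server whose certificate is wanted
SSLContext context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[] { new dummyTrustManager() },
        new java.security.SecureRandom());

SSLSocketFactory factory = context.getSocketFactory();
InetAddress addr = InetAddress.getByName(host_);
SSLSocket sock = (SSLSocket) factory.createSocket(addr, port_);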

Then with that socket you can just extract the server certificate (and import it into the trusted keystore)


import java.security.cert.Certificate;
import javax.net.ssl.SSLSession;
SSLSession session = sock.getSession();
Certificate[] certchain = session.getPeerCertificates();
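
Because the trust manager above accepts any certificate, the chain it captures is unauthenticated until it is compared with a fingerprint obtained out of band. The following added example (not part of the original answer) does the one-off handshake and writes the truststore only when the SHA-256 fingerprint matches. The class names `FetchAndPin` and `CaptureOnly`, the argument order and the use of Java 17's `HexFormat` are assumptions of this example.

```java
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.*;

// Usage: java FetchAndPin <host> <port> <expected-sha256-hex> <truststore-file> <password>
public class FetchAndPin {
    // Accept-all manager used for this single handshake only; no application data is sent.
    static final class CaptureOnly implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Handshake with the server and return the leaf certificate it presented.
    static X509Certificate fetchLeaf(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new CaptureOnly() }, null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.startHandshake();
            return (X509Certificate) sock.getSession().getPeerCertificates()[0];
        }
    }

    // Lowercase hex SHA-256 over the DER encoding, the usual certificate fingerprint.
    static String sha256Hex(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return HexFormat.of().formatHex(digest);
    }

    public static void main(String[] args) throws Exception {
        // Expected fingerprint comes from the server's administrator, not from this connection.
        String expected = args[2].replace(":", "").toLowerCase();
        X509Certificate leaf = fetchLeaf(args[0], Integer.parseInt(args[1]));
        String actual = sha256Hex(leaf);
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        System.out.println("SHA-256: " + actual);
        if (!actual.equals(expected)) {
            throw new IllegalStateException("Fingerprint mismatch, certificate not imported");
        }
        KeyStore ts = KeyStore.getInstance("PKCS12");
        ts.load(null, null);                    // start from an empty truststore
        ts.setCertificateEntry(args[0], leaf);  // alias = host name
        try (FileOutputStream out = new FileOutputStream(args[3])) {
            ts.store(out, args[4].toCharArray());
        }
    }
}
```

The resulting file can be passed to the client with `-Djavax.net.ssl.trustStore`, so normal connections use the default validating trust manager rather than the accept-all one.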
