Java 7 - SSL 如何信任所有证书 [英] Java 7 - SSL how to trust all certificates

问题描述

我正在编写一个 Java 代理，它使用 SSL 与其他服务器进行通信.使用 ServerSocketFactory 以及使用服务器证书填充的密钥库和信任库，一切都很好.

I am writing a Java proxy which communicates to other servers using SSL. It all works well using ServerSocketFactory along with keystore and trustore which is populated with the server cert.

我想知道，Java 7 中有没有办法禁用认证并信任所有服务器?(是的，我知道这有风险 - 但代理仅供内部使用)

I wonder, is there a way in Java 7 to disable the certification and trust all servers? (and yes I know this is risky - bu the proxy is for internal use only)

我已经看到一些使用 X509TrustManager 实现来实现 TrustManager 的示例，尽管显然 Java 7 不支持这些契约，并且 X509TrustManager 本身已被弃用.

I have seen some examples of implementing TrustManager using X509TrustManager implementation, although apparently Java 7 does not support these contracts and X509TrustManager itself has been deprecated.

感谢您的建议和任何关于 Java 7 有效的代码示例.

Appreciate your advise and any code sample on Java 7 that works.

推荐答案

我所做的是使用本文中提到的代码实现一个 java.security.Provider

What I did was implementing a java.security.Provider using the code mentioned in this post

https://code.google.com/p/misc-utils/wiki/JavaHttpsUrl

注意:这是提供的第二种解决方案.

Note: it is the second solution offered.

这篇文章没有提到您还应该添加一个密钥库以使事情正常进行.因此，也应该设置这些 VM 参数(除非您会收到没有共同的密码套件"的错误消息):

This post does not mention that you should also add a keystore in-order to make things work. So, these VM argument should be set as well (Unless so you will get an error message of "no cipher suites in common"):

                -Djavax.net.ssl.keyStore=KEYSTORE LOCATION
                -Djavax.net.ssl.keyStorePassword=YOUR PASS

我希望这对你有帮助，因为在我看过的所有地方都没有提到这一部分.

I hope this will help you, since in all the places I looked at this part was not mentioned.

这篇关于Java 7 - SSL 如何信任所有证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！