Trusting an expired certificate


Problem description

My client is failing with the below error while communicating with an https server with an expired cert. While we are waiting for that to be fixed on the server side by renewing, I am wondering if we can bypass this error by adding the expired cert to our own trust store? This allows us to gain some testing time while waiting for the cert to be renewed.

    US has an end date Thu Sep 08 19:59:59 EDT 2011 which is no longer valid.
    [4/17/13 19:22:55:618 EDT] 00000021 SystemOut     O   WebContainer : 0, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
    [4/17/13 19:22:55:620 EDT] 00000021 SystemOut     O   WebContainer : 0, WRITE: TLSv1 Alert, length = 2
    [4/17/13 19:22:55:620 EDT] 00000021 SystemOut     O   WebContainer : 0, called closeSocket()
    [4/17/13 19:22:55:620 EDT] 00000021 SystemOut     O   WebContainer : 0, handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
        java.security.cert.CertPathValidatorException: The certificate issued by CN=Thawte SSL CA, O="Thawte, Inc.", C=US is not trusted; internal cause is:

Recommended answer

Use the following code to trust all certificates. Note: Do not use it in production.

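    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Place inside an initialization method. Test use only.
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Trust manager whose checks never throw: every certificate chain is accepted.
        ctx.init(new KeyManager[0], new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {}

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {}

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        } }, new SecureRandom());

        // Replaces the JVM-wide default, so every connection using the default context is affected.
        SSLContext.setDefault(ctx);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }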
