如何使用 pkcs12 文件在 Java 中使用 SSL 连接到安全网站? [英] How to connect to a secure website using SSL in Java with a pkcs12 file?
问题描述
我有一个 pkcs12 文件.我需要使用它来连接到使用 https 协议的网页.我遇到了一些代码,为了连接到安全的网页,我需要设置以下系统属性:
I have a pkcs12 file. I need to use this to connect to a webpage using https protocol. I came across some code where in order to connect to a secure web page i need to set the following system properties:
System.setProperty("javax.net.ssl.trustStore", "myTrustStore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStore", "new_cert.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "newpass");
我有 p12(pkcs12) 文件.我只需要一个信任库文件.
I have the p12(pkcs12) file. All I need is a truststore file.
我使用以下方法提取了证书:
I extracted the certificates using:
openssl.exe pkcs12 -in c:/mykey.p12 -out c:/cert.txt -nokeys -clcerts
现在将cert PEM文件转换为der
Now converted the cert PEM file to der
openssl.exe x509 -in c:/cert.txt -outform DER -out c:/CAcert.der
现在将 der 文件添加到密钥库
Now adding the der file to a keystore
keytool -import -file C:/Cacert.der -keystore mytruststore
现在我有了信任库,但是当我使用它时,出现以下错误
Now I have the truststore, but when I use it, I get the following error
Exception in thread "main" java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
更新:删除某些属性并仅设置trustStore"、trustStorePassword"和trustStoreType"属性后,出现以下异常
Update: After removing certain properties and setting only the "trustStore", "trustStorePassword" and "trustStoreType" property, I got the following exception
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
请帮忙.
推荐答案
对于遇到类似情况的任何人,我都能够解决上述问题,如下所示:
For anyone encountering a similar situation I was able to solve the issue above as follows:
重新生成您的 pkcs12 文件,如下所示:
Regenerate your pkcs12 file as follows:
openssl pkcs12 -in oldpkcs.p12 -out keys -passout pass:tmp
openssl pkcs12 -in keys -export -out new.p12 -passin pass:tmp -passout pass:newpasswd
将 CA 证书从服务器导入 TrustStore(您自己的或 $JAVA_HOME/jre/lib/security/cacerts
中的 java 密钥库,密码:changeit
).
Import the CA certificate from server into a TrustStore ( either your own, or the java keystore in $JAVA_HOME/jre/lib/security/cacerts
, password: changeit
).
设置以下系统属性:
System.setProperty("javax.net.ssl.trustStore", "myTrustStore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStore", "new.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "newpasswd");
测试您的网址.
Test ur url.
礼貌@ http://forums.sun.com/thread.jspa?threadID=5296333
这篇关于如何使用 pkcs12 文件在 Java 中使用 SSL 连接到安全网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!