Install SSL Certificate with BlackBerry App


Question

We have a BlackBerry app that accesses a secure web service that uses an SSL Certificate that is not installed on some BlackBerry OS5 devices. This is causing problems for users of our apps who see this message.

"You are attempting to open a secure connection, but the server's certificate is not trusted."

We can install the cert manually by this method

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO4477&actp=search&viewlocale=en_US&searchid=1328216150785

but this is obviously not a good solution for our customers.

Is there a way to package & install the required cert with the app? This cert works fine with iOS, Android, IE, Firefox & Chrome.

Recommended answer

You can include the cert X509 in the code bundle as a resource and put it in the key store. But the user will have to manually go into their certificate store and trust it. If the user has not previously used the certificate store this will have the unfortunate side effect of forcing them to pick a password at that point.

The following code will read a certificate from a resource file in PEM format but with the -----BEGIN/END CERTIFICATE----- lines removed. I have used all the elements of this code, but not in this exact configuration. If there are any problems with it I would be happy to try to sort them out.

The certificate won't be trusted, so the user will have to manually go into the certificate store application under device Options and "Trust" the certificate. Make sure they understand that they cannot revoke the certificate. That operation cannot be undone on the device without wiping and re-installing the OS. The only other option is to re-issue a new certificate.

If anyone knows how to get around these finicky bits, let me know and I will include the solution in this code, or link to wherever it exists now.

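// Imports needed by this fragment (BlackBerry Java API).
import java.io.IOException;
import java.io.InputStream;
import net.rim.device.api.crypto.CryptoException;
import net.rim.device.api.crypto.certificate.CertificateException;
import net.rim.device.api.crypto.certificate.CertificateStatus;
import net.rim.device.api.crypto.certificate.x509.X509Certificate;
import net.rim.device.api.crypto.keystore.DeviceKeyStore;
import net.rim.device.api.crypto.keystore.KeyStore;
import net.rim.device.api.io.Base64InputStream;

X509Certificate _x509;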

try {
    // Get an input stream for the certificate in a resource file
    InputStream rs = getClass().getResourceAsStream("/certificate.pem");

    // PEM format is Base64 encoded
    Base64InputStream b64is = new Base64InputStream(rs);

    // Create the X509 certificate
    _x509 = new X509Certificate(b64is);

    // Clean up.
    b64is.close();
    rs.close();

    // If the certificate is self-signed this will perform a
    // verification check. For non-self-signed certificates
    // one could provide the signer's certificate in another
    // resource file and validate it with that public key. Other
    // versions of verify will verify it with a certificate in
    // a keystore, but then we wouldn't need to do all this.
    _x509.verify(_x509.getPublicKey());
    System.out.println(_x509.getSubjectFriendlyName());
    System.out.println(Integer.toHexString(_x509.hashCode()));

    // Add the certificate to the DeviceKeyStore
    KeyStore ks = DeviceKeyStore.getInstance();

    // Associated data is set to null, but can be used if there is associated
    // data known. You can use _x509.getStatus() instead of encoding the GOOD
    // constant, but if the device cannot find a revocation or validation list
    // it will set the status to UNKNOWN which will confuse users. ks.getTicket()
    // will prompt the user for permission for the program to access the key store.
    // This may also cause the system to ask the user to set a password, unfortunately
    // I can't remember, but I don't think it will if there is no private key in the
    // certificate.
    ks.set(null, _x509.getSubjectFriendlyName(), _x509, CertificateStatus.GOOD, 
       ks.getTicket() );
} catch (CertificateException ce) {
    System.out.println(ce.toString());
} catch (CryptoException crypt) {
    System.out.println(crypt);
} catch (IOException ioe) {
    System.out.println(ioe.toString());
}
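
A build-time helper for producing the `/certificate.pem` resource the code above reads (Base64 body with the BEGIN/END lines removed), as an added example that is not part of the original answer. The function names are hypothetical, the sample bytes are constructed and are not a real certificate, and the expected fingerprint is assumed to come from a trusted channel such as the certificate issuer.

```python
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed sample: a tiny DER SEQUENCE standing in for a certificate (not a real one).
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = "\n".join([BEGIN, base64.b64encode(SAMPLE_DER).decode("ascii"), END, ""])

def sha256_fingerprint(der):
    """Hex SHA-256 of the DER bytes, the value to compare against the issuer's copy."""
    return hashlib.sha256(der).hexdigest()

def check_der_envelope(der):
    """Require one outer ASN.1 SEQUENCE whose length covers the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length: next n bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated or trailing data")

def strip_pem_armor(pem_text):
    """Return (base64_body, der_bytes) for a PEM file holding exactly one certificate."""
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        raise ValueError("expected exactly one certificate block")
    if lines[0] != BEGIN or lines[-1] != END or len(lines) < 3:
        raise ValueError("unexpected text outside the certificate block")
    body_lines = lines[1:-1]
    # Decode strictly so stray characters fail here, not on the device.
    der = base64.b64decode("".join(body_lines), validate=True)
    check_der_envelope(der)
    return "\n".join(body_lines), der      # keep the original line wrapping

def prepare_resource(pem_text, expected_sha256):
    """Return the armor-free Base64 body only if the DER matches the expected fingerprint."""
    body, der = strip_pem_armor(pem_text)
    actual = sha256_fingerprint(der)
    if actual != expected_sha256.replace(":", "").lower():
        raise ValueError("fingerprint mismatch: " + actual)
    return body
```

Write the string returned by `prepare_resource` to the resource file that is bundled with the app; a `ValueError` means the file should not ship.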
