如何使用PEM文件在Java中创建SSL套接字? [英] How to use PEM file to create a SSL socket in Java?
问题描述
我有一个PEM文件提供给我,并被告知,它将需要建立一个SSL套接字连接到一个c ++服务器的一些API调用。有谁知道我如何读取PEM文件和连接?我也得到了密码。
I have a PEM file provided to me and was told that it will be needed in establishing a SSL socket that connects to a c++ server for some API calls. Does anyone know how I can read in the PEM file and connect? I was also given the parapharse password.
推荐答案
听起来像PEM文件是一个客户端证书,服务器。如果是客户端证书,它听起来像是,您可能需要一个ca证书文件也用于验证服务器证书,以建立连接。
It sounds like the PEM file is a client cert for you to use to login to the server. If it is the client cert, and it sounds like it is, you will likely need a ca cert file also to use in validating the servers certificate in order to establish a connection.
CA证书需要进入信任库,您的客户证书需要进入密钥库。在Java中,这两个都将是JKS(尽管它对PKCS12的支持有限)。对于JRE以及每个用户,都有默认的密钥库/信任库位置。您还可以在代码中为这些文件指定外部位置,如下面的示例所示。 commons-ssl库似乎能够直接支持PEM,而不需要JKS,但我没有使用它。
The CA certs need to go into a truststore and your client certs need to go into a keystore. In Java, both of these will be JKS (although it has limited support for PKCS12.) There are default keystore/truststore locations for the JRE as well as for each user. You can also specify external locations for these files in your code, as in the examples below. The commons-ssl library seems to be able to support PEM directly, without the need for JKS, but I haven't used it.
这些密钥库的默认密码短语Java是changeit,不带引号。
The default passphrase for these keystores in Java is "changeit" without the quotes.
此页面显示您必须将PEM读入您的密钥库/信任库。这里是另一个示例。
This page shows you have to read the PEM into your keystore/truststore. Here is another example.
一旦正确设置了信任库和密钥库,您需要传递以下 JSSE系统属性到您的JVM:
Once you have your truststore and keystore set up properly, you need to pass the following JSSE system properties to your JVM:
javax.net.ssl.keyStore
javax.net.ssl.keyStoreType
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStoreType
javax.net.ssl.trustStorePassword
您可以将它们指定为JRE的-D参数,或者如下面的示例中所示。
You may specify them as -D parameters to the JRE or, as in the examples below, programatically.
完成后, a href =http://juliusdavies.ca/commons-ssl/ssl.html =nofollow noreferrer> commons-ssl示例创建套接字。此外,请访问 SSLSocket 的Java API, a>。还有一个示例,不使用任何apache commons。
Once you finish that, heres a commons-ssl example of creating a socket. Also, heres the Java api for SSLSocket. Heres also an example that doesn't use any apache commons.
这篇关于如何使用PEM文件在Java中创建SSL套接字?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
