Using Self Signed certificate in java


Problem description

I want to connect to an SMS gateway. I found the following code.

public void smsSender(String username, String password, String to,
        String text) throws IOException {

    try {
        String data = "username=" + username + "&password=" + password
                + "&to=" + to + "&text=" + text;

        URL url = new URL("https://sendsms.abc.com:1010/sms.php");

        HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
        urlc.setRequestMethod("POST");
        urlc.setDoOutput(true);
        urlc.setRequestProperty("Content-type",
                "application/x-www-form-urlencoded");

        BufferedWriter br = new BufferedWriter(new OutputStreamWriter(
                urlc.getOutputStream()));

        br.write(data);
        br.flush();

        BufferedReader rd = new BufferedReader(new InputStreamReader(
                urlc.getInputStream()));
        String line;
        while (null != ((line = rd.readLine()))) {
            output = line;
            System.out.println(output);
        }

        rd.close();
    } catch (Exception e) {
        e.printStackTrace();
    }
}


When I try to connect using this method, Eclipse sends an error message.

unable to find valid certification path to requested target

The server that I'm trying to access is using a self-signed certificate. I'm new to this field. How can I solve this problem? Thanks in advance :)

Recommended answer

To make remote method invocations over SSL, a client needs to trust the certificate of the server. As you said the server has a self-signed certificate, your client needs to be explicitly configured to trust the certificate, else the connection fails. To create a trust relationship between a client and the server's self-signed certificate, follow the steps mentioned below.


  1. First you should get the server certificate on your client side.
    For that, the way I know of is to hit the server URL in a browser, get the server's certificate and import it in the browser. There might be other ways of getting the server certificate but you'll have to explore.

Now export the public key as a certificate from the browser to the client. Let it be server.cer.

Now, create the client keystore

    keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY"


  • Create the client certificate

    keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer

  • Now, import the server certificate to the client trust store.

    keytool -import -alias serverCert -keystore client.truststore -storepass clientcert -file server.cer


  • Now load the client keystore as mentioned in erickson's comment in the link provided by Werner.

    Let me know if things are still not clear. But I suggest you read some documentation on google related to SSL Handshaking between a client and a server.
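An added example, not part of the original answer: one way to use the trust store from the import step in code, so that only this connection trusts server.cer and certificate and hostname validation stay enabled. The class and method names are hypothetical, and it assumes the gateway does not request a client certificate, so nothing is loaded from client.keystore.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; illustrates loading client.truststore for one connection.
public class TrustStoreClient {

    // Builds an SSLContext whose only trust anchors are the entries of the given store.
    static SSLContext contextFor(String trustStorePath, char[] storePass) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            // The password check also detects a store file that was modified on disk.
            trustStore.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: assumption that the server does not ask for a client certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // File name and store password are the ones used in the keytool -import step.
        SSLContext ctx = contextFor("client.truststore", "clientcert".toCharArray());

        URL url = new URL("https://sendsms.abc.com:1010/sms.php");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Applies to this connection only; the JVM-wide defaults are left untouched.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is kept, so the self-signed certificate
        // must name the host being contacted or the handshake is rejected.
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The same store can instead be selected for the whole JVM with the standard system properties `-Djavax.net.ssl.trustStore=client.truststore -Djavax.net.ssl.trustStorePassword=clientcert`, which replaces the default CA trust store for every connection the process makes.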
