Programmatically adding a trusted cert in Java

Question

I use SSL to communicate between two components written in Java. I can't use a CA, so I have to self-sign everything. Unfortunately, this means that when I try to handshake, I get a SunCertPathBuilderException. I can create my own X509TrustManager that just trusts everything, but that sort of defeats the purpose of having a signed cert.

I would like, when first making the connection, to prompt the user with "SSL handshake with invalid cert. Add cert to store?" or something so they could have it added for them to their certificate store, like web browsers do at sites with invalid certs. I can find plenty of examples online of adding a cert to the store through the commandline, but I can't figure out how to do it programmatically. Is there a way to do this?

Recommended answer

Yes, this is possible.

There is some code here that I've used before. I had to modify it to do what I wanted and I suspect that you will too but this should get you close - you aren't trying to import a key so theoretically you should be able to simplify things. In any case you can get an idea of what you'll need.

java.security.KeyStore is also useful.
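As an added example (not the code the answer links to, and not from the original post), this sketch uses java.security.KeyStore to add one certificate to an application-private trust store after the user confirms its fingerprint, then builds an SSLContext that trusts only that store. The class name, the alias scheme, and reading the peer certificate from a file are assumptions; it needs Java 11+ and an interactive console.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import javax.net.ssl.*;
public class AddTrustedCert { // hypothetical class name
    // Open the application's own trust store, or start an empty one on first use.
    static KeyStore load(Path file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (!Files.exists(file)) { ks.load(null, pw); return ks; }
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, pw); }
        return ks;
    }
    // SHA-256 fingerprint for the user to compare out of band before answering the prompt.
    static String fingerprint(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }
    // Store the certificate as a trusted entry (alias derived from its fingerprint) and save.
    static void trust(KeyStore ks, Path file, char[] pw, X509Certificate cert) throws Exception {
        ks.setCertificateEntry("peer-" + fingerprint(cert).replace(":", ""), cert);
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }
    }
    // TLS context that trusts only this store's entries, not the JRE default cacerts.
    static SSLContext contextFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    // Usage: java AddTrustedCert <peer-cert.pem> <truststore.p12>  (System.console() must not be null)
    public static void main(String[] args) throws Exception {
        Path store = Path.of(args[1]);
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal() + "\nSHA-256: " + fingerprint(cert));
        String answer = System.console().readLine("Add cert to store? [yes/no] ");
        if (!"yes".equals(answer)) return; // nothing is trusted without an explicit yes
        char[] pw = System.console().readPassword("Trust store password: ");
        KeyStore ks = load(store, pw);
        trust(ks, store, pw, cert);
        System.out.println(ks.size() + " trusted entries; " + contextFor(ks).getProtocol() + " context ready");
    }
}
```

Pass `contextFor(ks).getSocketFactory()` to the connection that should use the store. A context built before an entry was added does not see it and has to be rebuilt.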
