在Java客户机中接受服务器的自签名SSL证书

[HttpMethodDirector] I/O exception (javax.net.ssl.SSLHandshakeException) caught 
when processing request: sun.security.validator.ValidatorException: PKIX path 
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

3回答

九州编程

ApacheHttpClient 4.5支持接受自签名证书：SSLContext&nbsp;sslContext&nbsp;=&nbsp;SSLContexts.custom() &nbsp;&nbsp;&nbsp;&nbsp;.loadTrustMaterial(new&nbsp;TrustSelfSignedStrategy()) &nbsp;&nbsp;&nbsp;&nbsp;.build();SSLConnectionSocketFactory&nbsp;socketFactory&nbsp;= &nbsp;&nbsp;&nbsp;&nbsp;new&nbsp;SSLConnectionSocketFactory(sslContext);Registry<ConnectionSocketFactory>&nbsp;reg&nbsp;= &nbsp;&nbsp;&nbsp;&nbsp;RegistryBuilder.<ConnectionSocketFactory>create() &nbsp;&nbsp;&nbsp;&nbsp;.register("https",&nbsp;socketFactory) &nbsp;&nbsp;&nbsp;&nbsp;.build();HttpClientConnectionManager&nbsp;cm&nbsp;=&nbsp;new&nbsp;PoolingHttpClientConnectionManager(reg);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CloseableHttpClient&nbsp;httpClient&nbsp;=&nbsp;HttpClients.custom() &nbsp;&nbsp;&nbsp;&nbsp;.setConnectionManager(cm) &nbsp;&nbsp;&nbsp;&nbsp;.build();HttpGet&nbsp;httpGet&nbsp;=&nbsp;new&nbsp;HttpGet(url);CloseableHttpResponse&nbsp;sslResponse&nbsp;=&nbsp;httpClient.execute(httpGet);这将生成一个SSL套接字工厂，它将使用TrustSelfSignedStrategy，将其注册到自定义连接管理器，然后使用该连接管理器进行HTTP获取。我同意那些高呼“不要在生产中这样做”的人，但是在生产之外接受自签名证书的用例是有的；我们在自动集成测试中使用它们，所以即使在生产硬件上没有运行，我们也使用SSL(就像在生产中一样)。

0

0

0