Apache Http客户端SSL证书错误
我知道它之前已被问过,但我尝试了所有我找到的解决方案,但仍然无法正常工作。Apache Http客户端SSL证书错误
基本上,我试图通过Apache Http Client(4.3)获取一些内容,并且我连接的网站存在一些SSL问题。
首先,我得到了SSLException
和unrecognized_name
的消息。我试图通过将jsse.enableSNIExtension
属性设置为false
来解决此问题。
然后,我得到这个异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我又试图提供我亿韩元SSLFactory
,将接受所有证书,但我仍然得到同样的异常。这里是我的代码:
private static void sslTest() throws Exception {
System.setProperty("jsse.enableSNIExtension", "false");
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.useTLS()
.build();
SSLConnectionSocketFactory connectionFactory =
new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier());
CookieStore cookieStore = new BasicCookieStore();
HttpClientContext context = HttpClientContext.create();
context.setCookieStore(cookieStore);
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(connectionFactory)
.setDefaultCookieStore(cookieStore)
.build();
URI uri = new URIBuilder()
.setScheme("https")
.setHost(BASE_URL)
.build();
String responseBody = httpclient.execute(new HttpGet(uri), RESPONSE_HANDLER);
}
所有帮助非常感谢!
另请注意,信任自签名证书并不意味着相信任何任意证书。尝试建立您的SSL背景是这样的:
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
return true;
}
})
.useTLS()
.build();
也请注意,一般信任的证书胡乱击败首先使用SSL的目的。使用在绝对必要的或只用于测试
工作就像魅力。用'HttpClientBuilder'这是如何创建一个实例 - SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext); CloseableHttpClient client = HttpClientBuilder.create()。setSSLSocketFactory(sslsf).build();' –
您的信任库不信任服务器证书。
允许所有主机名是一个HTTPS步骤,只能调用如果证书是可信的。
在HTTP客户端4.5.2:
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
return true;
}
})
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslContext,
NoopHostnameVerifier.INSTANCE);
然后:
HttpClientBuilder builder = HttpClients.custom().setSSLSocketFactory(sslsf);
以下是Apache 4X相信一切
static {
// avoid error javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
System.setProperty("jsse.enableSNIExtension", "false");
}
public static HttpClientBuilder createTrustAllHttpClientBuilder() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, (chain, authType) -> true);
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
return HttpClients.custom().setSSLSocketFactory(sslsf);
}
catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
throw new IllegalStateException(e);
}
}
请在另一个问题看我的答案:https://*.com/a/45734000/8477758 – EyouGo