0
我在使用Java连接SSL时遇到问题。错误Java连接使用SSL证书的HTTPS
我使用java 1.7.80和S.O. :ubuntu 14.04
我的问题是证书,甚至证书。我有四个元素必须使用pkcs12格式连接。
testservizi.fattura.it.cer - 标识该远程服务器>证书
SDI-11036210158 - >客户端证书的
CAEntratetest.cer - >证书CA
private.key - >私钥
1)步骤 - 将文件cer转换为文件pem
$ openssl x509 -in CAEntratetest.cer -outform PEM -out CAEntratetest.pem
$ openssl x509 -in SDI-11036210158.cer -inform DER -out SDI-11036210158.pem -outform PEM
$ openssl x509 -in testservizi.fatturapa.it.cer -inform DER -out testservizi.fatturapa.it.pem -outform PEM
2)步骤 - 联合PEM文件创建链证书
$ cat CAEntratetest.pem SDI-11036210158.pem testservizi.fatturapa.it.pem > sum_cert.pem
3)步骤 - 创建P12文件
$ openssl pkcs12 -export -in sum_cert.pem -inkey private.key -out sogei_auth.p12 -name sogei_auth
确定。我的第一个测试是在浏览器(Mozilla Firefox)中导入p12文件以验证操作。 导入成功,在这一点上我输入网址
https://testservizi.fatturapa.it/ricevi_file
,他回答:
您好!这是一个Axis2 Web服务!
..完美的作品!
现在我必须使它与Java工作,我创建一个测试客户端
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
public class TestHTTPSClient {
public static void main(String[] args) throws Exception {
SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File("C:/testSSL/sogei_auth.p12"), "changeit".toCharArray()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
try {
HttpGet httpget = new HttpGet("https://testservizi.fatturapa.it/ricevi_file");
System.out.println("executing request " + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
}
2)更改格式密钥存储在java.security,否则您无法读取该文件P12
keystore.type=jks
变化成
keystore.type=pkcs12
3)启动在Java测试,我回答了一个错误
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
..
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 26 more
你可以帮我...