zoukankan      html  css  js  c++  java
  • 本地Java程序访问HTTPs遇到的问题

    本地测试程序需要访问HTTPs,

    String urlPath = "https://192.168.10.88/xxx/login?username=" + userName + "&password=" + password;
    URL url = new URL(urlPath);
    connection = (HttpURLConnection)url.openConnection();
    connection.connect();

     

     抛出异常:

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    

     根据

    1. http://www.mkyong.com/webservices/jax-ws/java-security-cert-certificateexception-no-name-matching-localhost-found/
    2. http://bluefoot.info/howtos/how-to-avoid-java-security-cert-certificateexception-no-name-matching-localhost-found/

     

    在程序中添加

    static {
            //for localhost testing only
            javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
            new javax.net.ssl.HostnameVerifier(){
                public boolean verify(String hostname,
                        javax.net.ssl.SSLSession sslSession) {
                    if (hostname.equals("localhost")) {
                        return true;
                    }
                    return false;
                }
            });
        }

     抛出异常

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)

     说明需要导入192.168.10.88的证书到本地%JAVA_HOME%/jre/lib/security/cacerts

    1. > keytool -import -file d:httpsserver.crt -keystore "%JAVA_HOME%jrelibsecuritycacerts" -alias 88server
    2. javacacerts证书库的默认密钥库密码是changeit
    3. 再次验证是否成功导入:
    4. > keytool -list -keystore "%JAVA_HOME%jrelibsecuritycacerts" | findstr /i 88server

    一切OK.

  • 相关阅读:
    DOS命令如何删除文件和文件夹
    屏蔽电信流氓弹出广告
    Wcf客户端配置里Endpoint的Name属性无效
    正则替换中的一个Bug
    【原】解决 iframe 在 iPad 上不能滚动的问题
    【原】JSON.parse() 和 JSON.stringify()
    【原】SQL 使用 PIVOT 和 UNPIVOT 行转列 列转行
    【原】How to fix: Handler “PageHandlerFactoryIntegrated” has a bad module “ManagedPipelineHandler” in its module list
    【原】DES Encrypt / Decrypt
    【原】JSON.parse() 和 JSON.stringify()
  • 原文地址:https://www.cnblogs.com/wangyinhui/p/3992672.html
Copyright © 2011-2022 走看看