0
我在使用Java連接SSL時遇到問題。錯誤Java連接使用SSL證書的HTTPS
我使用java 1.7.80和S.O. :ubuntu 14.04
我的問題是證書,甚至證書。我有四個元素必須使用pkcs12格式連接。
testservizi.fattura.it.cer - 標識該遠程服務器>證書
SDI-11036210158 - >客戶端證書的
CAEntratetest.cer - >證書CA
private.key - >私鑰
1)步驟 - 將文件cer轉換爲文件pem
$ openssl x509 -in CAEntratetest.cer -outform PEM -out CAEntratetest.pem
$ openssl x509 -in SDI-11036210158.cer -inform DER -out SDI-11036210158.pem -outform PEM
$ openssl x509 -in testservizi.fatturapa.it.cer -inform DER -out testservizi.fatturapa.it.pem -outform PEM
2)步驟 - 聯合PEM文件創建鏈證書
$ cat CAEntratetest.pem SDI-11036210158.pem testservizi.fatturapa.it.pem > sum_cert.pem
3)步驟 - 創建P12文件
$ openssl pkcs12 -export -in sum_cert.pem -inkey private.key -out sogei_auth.p12 -name sogei_auth
確定。我的第一個測試是在瀏覽器(Mozilla Firefox)中導入p12文件以驗證操作。 導入成功,在這一點上我輸入網址
https://testservizi.fatturapa.it/ricevi_file
,他回答:
您好!這是一個Axis2 Web服務!
..完美的作品!
現在我必須使它與Java工作,我創建一個測試客戶端
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
public class TestHTTPSClient {
public static void main(String[] args) throws Exception {
SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File("C:/testSSL/sogei_auth.p12"), "changeit".toCharArray()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
try {
HttpGet httpget = new HttpGet("https://testservizi.fatturapa.it/ricevi_file");
System.out.println("executing request " + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
}
2)更改格式密鑰存儲在java.security,否則您無法讀取該文件P12
keystore.type=jks
變化成
keystore.type=pkcs12
3)啓動在Java測試,我回答了一個錯誤
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
..
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 26 more
你可以幫我...