信任已過期的證書

Question

我的客戶端在與具有過期證書的https服務器通信時出現以下錯誤。雖然我們正在等待通過續訂來修復服務器端，但我想知道是否可以通過將過期證書添加到我們自己的信任存儲區來傳遞此錯誤？這使我們可以在等待證書更新的同時獲得一些測試時間。

US has an end date Thu Sep 08 19:59:59 EDT 2011 which is no longer valid. 
[4/17/13 19:22:55:618 EDT] 00000021 SystemOut  O WebContainer : 0, SEND TLSv1 ALERT: fatal, description = certificate_unknown 
[4/17/13 19:22:55:620 EDT] 00000021 SystemOut  O WebContainer : 0, WRITE: TLSv1 Alert, length = 2 
[4/17/13 19:22:55:620 EDT] 00000021 SystemOut  O WebContainer : 0, called closeSocket() 
[4/17/13 19:22:55:620 EDT] 00000021 SystemOut  O WebContainer : 0, handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by CN=Thawte SSL CA, O="Thawte, Inc.", C=US is not trusted; internal cause is: 

Answer 1

使用以下代碼來信任所有證書。 注意：不要在生產

try { 
     SSLContext ctx = SSLContext.getInstance("TLS"); 
     ctx.init(new KeyManager[0], new TrustManager[] { new X509TrustManager() { 
      @Override 
      public void checkClientTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {} 

      @Override 
      public void checkServerTrusted(X509Certificate[] x509Certificates, String name) throws CertificateException {} 

      @Override 
      public X509Certificate[] getAcceptedIssuers() { 
       return null; 
      } 
     } }, new SecureRandom()); 

     SSLContext.setDefault(ctx); 
    } catch (Exception e) { 
     throw new RuntimeException(e); 
    }