我在我的電腦上安裝了一個Apache 2服務器上的localy。首先,我使用單向SSL配置它,並嘗試從Android連接它。爲了配置我自己的單向SSL Apache 2服務器,我必須創建服務器證書。我用下面的commmands做到了:Android中的雙向SSL:客戶端驗證不起作用
的OpenSSL genrsa -out server.key 2048
OpenSSL的REQ -config ./openssl.cnf -new -key server.key -out server.req
OpenSSL的X509 -req -in server.req -CA ca.cer -CAkey的ca.key -set_serial 100 -extfile openssl.cnf中-Extensions服務器-days 365 -outform PEM -out server.cer
然後,我拿了server.cer文件並使用java keytool將其轉換爲BKS。從Android的身份驗證工作。 然後,我繼續使用我的Apache 2服務器 的雙向SSL配置,並嘗試從Android進行交流。我沒有管理,使其工作... 我用下面的命令來創建客戶端證書:
OpenSSL的REQ -config ./openssl.cnf -newkey RSA:2048 -nodes -keyform PEM - KEYOUT的ca.key -x509 -days 3650 -Extensions程序certauth -outform PEM退房手續 ca.cer
的OpenSSL genrsa -out client.key 2048
OpenSSL的REQ -config ./openssl.cnf -new -key client.key -out client.req
ope NSSL X509 -req -in client.req -CA ca.cer -CAkey的ca.key -set_serial 101 -extfile openssl.cnf中-Extensions客戶-days 365 -outform PEM -out client.cer
OpenSSL的PKCS12 - export -inkey client.key -in client.cer -out client.p12
它導入client.p12文件後從PC瀏覽器運行。 對於Android,我將client.p12文件轉換爲BKS格式(使用Portecle工具),但似乎不起作用。也許轉換不正確?!我總是得到javax.net.ssl.SSLPeerUnverifiedException:沒有對等證書異常。有沒有人有任何想法可能是什麼問題? 這是Android代碼:
public class SslTestActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
try {
// load truststore certificate
InputStream clientTruststoreIs = getResources().openRawResource(
R.raw.server);
KeyStore trustStore = KeyStore.getInstance("BKS");
trustStore.load(clientTruststoreIs, "mypassword".toCharArray());
System.out.println("---- Loaded server certificates: "
+ trustStore.size());
// load client certificate
InputStream keyStoreStream = getResources().openRawResource(
R.raw.clientt);
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(keyStoreStream, "password".toCharArray());
System.out
.println("-------Loaded client certificates: " + keyStore.size());
// initialize SSLSocketFactory to use the certificate
SSLSocketFactory socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS,
keyStore, "password", trustStore, null, null);
// Set basic data
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "UTF-8");
// Register http/s shemas!
SchemeRegistry schReg = new SchemeRegistry();
schReg.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
schReg.register(new Scheme("https", socketFactory, 443));
ClientConnectionManager conMgr = new ThreadSafeClientConnManager(
params, schReg);
DefaultHttpClient sClient = new DefaultHttpClient(conMgr, params);
try {
String res = executeHttpGet(sClient, "https://10.41.0.102/");
System.out.println("------- SSL RESULT IS = " + res);
} catch (Exception e) {
System.out.println("---- ex " + e.getMessage());
e.printStackTrace();
}
} catch (Exception e) {
System.out.println("------Exception " + e.getMessage());
e.printStackTrace();
}
}
public String executeHttpGet(DefaultHttpClient client, String url) throws Exception {
BufferedReader in = null;
try {
HttpGet request = new HttpGet();
request.setURI(new URI(url));
HttpResponse response = client.execute(request);
in = new BufferedReader(new InputStreamReader(response
.getEntity().getContent()));
StringBuffer sb = new StringBuffer("");
String line = "";
String NL = System.getProperty("line.separator");
while ((line = in.readLine()) != null) {
sb.append(line + NL);
}
in.close();
String result = sb.toString();
return result;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}}
謝謝