This question already has answers here:
How can I get a list of trusted root certificates in Java?
                                
                                    (2个答案)
                                
                        
                                2年前关闭。
            
                    
使用以下代码时,将不会列出根CA证书

URL destinationURL = new URL("https://google.com");
HttpsURLConnection conn = (HttpsURLConnection) destinationURL.openConnection();
        conn.connect();
Certificate[] certs = conn.getServerCertificates();


如何获取根CA(此处为GeoTrust Global CA)。我应该使用CertPathBuilder吗?

java - 如何获得网站的根CA?-LMLPHP

这是我用于建立认证路径的示例代码

// Create the selector that specifies the starting certificate
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(cert);

// Create the trust anchors (set of root CA certificates)
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
for (X509Certificate trustedRootCert : trustedRootCerts) {
     trustAnchors.add(new TrustAnchor(trustedRootCert, null));
}

// Configure the PKIX certificate builder algorithm parameters
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(
            trustAnchors, selector);

// Disable CRL checks (this is done manually as additional step)
pkixParams.setRevocationEnabled(false);

// Specify a list of intermediate certificates
CertStore intermediateCertStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(intermediateCerts));
pkixParams.addCertStore(intermediateCertStore);

// Build and verify the certification chain
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder
            .build(pkixParams);


但是如何获得trustedRootCertsintermediateCerts?还是有完全不同的方式?

编辑

This问题回答了如何获取受信任的根CA,我想intermediateCertsconn.getServerCertificates();。在选择器selector.setCertificate(cert);中应设置什么证书?

最佳答案

GeoTrust Global CA证书应该已经在Java安装的cacerts文件中,除非它是新证书,并且您使用的是旧Java版本。

屏幕快照看起来像是显示证书路径的Web浏览器,如果您信任它,则可以从那里保存证书。

请注意,Web服务器不应发送根证书,因此服务器正在做正确的事情。

关于java - 如何获得网站的根CA? ,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/48047265/

10-15 18:57