问题描述
我试图在java中使用HttpURLConnection进行HTTP GET请求。
当我使用浏览器时,它说我证书不可信,你想继续。
我接受证书和GET请求获取数据。但我在Java中获得证书异常(下面给出)
我从这个异常中了解到,我需要下载该证书并将此
java系统财产berfore使GET请求。
我的问题是。
- 这个证书来自浏览器?
- 我可以在我的java程序中使用浏览器的证书存储,我需要知道如何使用它?
- 想要在我的密钥库中安装证书,那么我需要做什么?
感谢一下:
我试图使用keytool命令下载证书。我不知道证书在服务器中的存储位置,但我给出了我在浏览器和浏览器中使用的服务器路径,表示证书不受信任。
网址gatewayServiceUrl =新网址(http://192.168.55.179:56400/nwa);
HttpURLConnection连接=(HttpURLConnection)gatewayServiceUrl.openConnection();
connection.setRequestMethod(GET);
connection.setRequestProperty(Authorization,getExample.getBasicAuth());
connection.connect();
if(HttpURLConnection.HTTP_OK == connection.getResponseCode()){
System.out.println(success);
System.out.println(getExample.getDataFromStream(connection.getInputStream()));
} else {
System.out.println(success);
System.out.println(getExample.getDataFromStream(connection.getErrorStream()));
}
System.out.println(connection.getResponseCode());
线程main中的异常javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:在sun.security.ssl.Alerts.getSSLException(未知源)
处找不到要求的目标的有效证书路径
.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
在sun.security.ssl.ClientHandshaker.serverCertificate(未知源)
在sun.security.ssl.ClientHandshaker.processMessage(未知源)
在sun.security.ssl.Handshaker.processLoop(未知源)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (未知Sou rce)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol .https.HttpsClient.afterConnect(未知来源)
在sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(未知来源)
在sun.net.www.protocol.https.HttpsURLConnectionImpl.connect (Unknown Source)
在com.testweb.GetExample.main(GetExample.java:18)
导致:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath .SunCertPathBuilderException:在sun.security.validator.PKIXValidator.doBuild(未知源)
处找不到要求的目标
的有效证书路径sun.security.validator.PKIXValidator.engineValidate(未知源)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.sec urity.ssl.X509TrustManagerImpl.checkTrusted(未知源)
在sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(未知源)
... 12多
由sun.security.provider .certpath.SunCertPathBuilderException:在sun.security.provider.certpath.SunCertPathBuilder.engineBuild(未知源代码)处找不到要求的目标
的有效证书路径。在java.security.cert.CertPathBuilder.build处获得
(未知来源)
您必须添加您的发卡行CA服务器证书(或者直接将服务器证书用于例如您的cds被自签名)到信任库以避免PKIX路径生成器异常。
默认情况下java truststore是在JAVA_HOME / jre / lib / security / cacerts上(可以指定具有javax.net.ssl.trustStore属性的另一个信任存储)。为此,请首先下载服务器证书。您可以下载服务器证书,例如使用Chrome连接到服务器URL并单击绿色锁,然后选择标签连接并单击证书信息:
然后把这个证书保存在光盘上。
现在您必须将此证书添加到java信任存储区,您可以使用java keytool(如果在您的路径中使用keytool,如果不是keytool位于JAVA_HOME / bin / keytool):
$ b
keytool -import -trustcacerts -alias myServerCertificate -file path / myServerCert.crt -keystore JAVA_HOME / jre / lib / security / cacerts
cacerts的默认密码是: changeit
希望这有助于,
I am trying to make HTTP GET request using HttpURLConnection in java.When I make get using browser it says me certificate is not trusted do you want to proceed.I accept certificate and GET request get data. but i am getting certificate exception in java( given below )
What i understood from this exception is, I need to download that certificate and put thisjava system property berfore making GET request.
My questions are.
- How will download this certificate from browser?
- Can I use browser's certificate store in my java program, what do I need to know to use that?
- If i want to install certificate in my keystore then what do I need to do?
THANKS A LOT :)
I am trying to download certificate using keytool command. I do not have any idea where certificate is stored in server, but i gave the path of server which i use in browser and browser says certificate is not trusted.
URL gatewayServiceUrl = new URL("http://192.168.55.179:56400/nwa");
HttpURLConnection connection = (HttpURLConnection) gatewayServiceUrl.openConnection();
connection.setRequestMethod("GET");
connection.setRequestProperty("Authorization", getExample.getBasicAuth());
connection.connect();
if (HttpURLConnection.HTTP_OK == connection.getResponseCode()) {
System.out.println("success");
System.out.println(getExample.getDataFromStream(connection.getInputStream()));
} else {
System.out.println("success");
System.out.println(getExample.getDataFromStream(connection.getErrorStream()));
}
System.out.println(connection.getResponseCode());
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.testweb.GetExample.main(GetExample.java:18)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
You have to add the issuer CA's of your server certificate (or directly the server certificate in case of for example your cds is selfsigned) to the truststore in order to avoid PKIX path builder exception.
By default java truststore is on JAVA_HOME/jre/lib/security/cacerts (you can specify another trust store with javax.net.ssl.trustStore property).
To do this, first download the server certificate. You can download the server certificate for example with Chrome connecting to the server url and click on the green lock, then select the tab connection and click on certificate information:
Then save this certificate on disc.
Now you have to add this certificate to java trust store, you can do it with java keytool (if is in your path use keytool if not keytool is on JAVA_HOME/bin/keytool):
keytool -import -trustcacerts -alias myServerCertificate -file path/myServerCert.crt -keystore JAVA_HOME/jre/lib/security/cacerts
The default password for cacerts is: changeit
Hope this helps,
这篇关于在java程序中使用浏览器的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!