犯罪嫌疑人X
这里基本上有两个选项:将自签名证书添加到jvm信任库,或者将客户端配置为备选案文1从浏览器导出证书并将其导入JVM信任库(以建立信任链):\bin\keytool -import -v -trustcacerts-alias server-alias -file server.cer-keystore cacerts.jks -keypass changeit-storepass changeit备选案文2禁用证书验证:// Create a trust manager that does not validate certificate chainsTrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
} }; // Install the all-trusting trust managertry {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());} catch (GeneralSecurityException e) {}
// Now you can access an https URL without having the certificate in the truststoretry {
URL url = new URL("https://hostname/index.html"); } catch (MalformedURLException e) {}请注意我根本不推荐选项2。..禁用信任管理器会破坏SSL的某些部分,使您在中间攻击中容易受到人为攻击。更喜欢选项1,或者更好的是,让服务器使用由知名CA签名的“真实”证书。