收藏:JavaMail使用SSL遇到安全证书问题

最新推荐文章于 2023-07-25 17:14:11 发布
最新推荐文章于 2023-07-25 17:14:11 发布
阅读量625 收藏 1
点赞数
文章标签: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_34130389/article/details/85136051
版权

 业务需求又发生的改变,登录模块中要用邮箱去验证,于是试试企业邮件服务器发邮件,结果使用SSL遇到

PKIX:nable to find valid certification path to requested target

通过搜索和查询资料发现CSDN上一篇文章给出了一个关键性的步骤-获取安全证书。

  原文地址:

http://blog.csdn.net/faye0412/article/details/6883879

 获取安全证书的代码收藏下来:

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class InstallCert {
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out
                    .println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }
        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib"
                    + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf
                .getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();
        System.out
                .println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }
        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
        BufferedReader reader = new BufferedReader(new InputStreamReader(
                System.in));
        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject "
                    + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }
        System.out
                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);
        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();
        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out
                .println("Added certificate to keystore 'jssecacerts' using alias '"
                        + alias + "'");
    }
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }
    private static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;
        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}




   生成证书的方法:

   1.编译InstallCert.java

   2.执行java InstallCert host password

    例如:java InstalCert smtp.zhangsan.com:465 admin

    如果不加参数password和host的端口号,上面的获取证书程序中默认给的端口号是:443,密码是:changeit

   3.根据运行提示信息,输入1,回车,在当前目录下生成名为:jssecacerts 的证书

   4.重要:

     将证书放置到$JAVA_HOME/jre/lib/security目录下,切记该JDK的jre是工程所用的环境!!!


    收藏一篇http://www.360doc.com/content/10/1221/10/3356862_79997919.shtml 基于SSL的JavaMail文章。

weixin_34130389
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
JavaMail配置SSL服务器及安装证书
03-21
NULL 博文链接:https://fableking.iteye.com/blog/929726
spring中javaMail使用ssl的方法发送邮件,javaMail导入证书,忽略证书的方法
huang007guo的专栏
02-25 5408
使用配置 ## 基础邮箱配置(每个环境可以覆盖配置) # 发送者的邮箱地址 spring.mail.username=xxxx # 发送者的邮箱密码 spring.mail.password=xxx # 发送邮箱对应的SMTP地址 spring.mail.host=xxxx spring.mail.port=465 发送邮件是出现报错 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.
java发送邮件报SSL安全异常解决
blackwhite1992的博客
10-31 1853
阿里云邮箱安全认证,SSL网络安全链接,java发送阿里云邮件
java实现发送邮件认证以及邮箱找回密码
小菜鸟--成长之路的博客
04-21 485
本项目是前端点击企业认证,后端进行发送邮件认证,具体实现代码如下: package com.yh.producer.controller; import java.io.UnsupportedEncodingException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import ja
java程序通过腾讯邮箱发送邮件失败:javax.mail.AuthenticationFailedException: 535 Error: authentication failed, syste
G_x_n的博客
08-23 3039
java程序通过腾讯邮箱发送邮件失败:javax.mail.AuthenticationFailedException: 535 Error: authentication failed, syste
关于用javamail发送邮件时,由于邮件服务器要SSL,解决办法
03-24
总之,使用JavaMail发送邮件时遇到SSL/TLS需求,需要正确配置邮件会话属性,并处理可能的证书信任问题。通过`InstallCert.java`工具,我们可以解决自签名证书问题,确保邮件能够安全地发送到SSL/TLS保护的邮件...
javaMail.zip
07-09
- 安全问题,如需要确保邮件传输过程的安全,可能需要使用SSL/TLS加密。 为了便于开发者使用JavaMail 提供了多个版本,每个版本可能会修复已知的bug,增加新功能或优化性能。因此,如果你在项目中使用JavaMail...
javamail收发邮件加密和不加密
01-24
如果遇到自签名或不受信任的证书,可能需要自定义`javax.net.ssl.TrustManager`。 7. **示例代码**: - 创建SMTP会话时,可以配置如下的属性: ```java Properties props = System.getProperties(); props.put...
javamail源码
06-25
3. **SSL/TLS 加密**:为了保护用户隐私,现代 SMTP 客户端通常会使用 SSL/TLS 进行安全连接。开发者需要了解如何在 C++ 中启用 SSL/TLS 支持,并进行相应的证书验证。 4. **邮件格式**:SMTP 客户端需要知道如何...
#javamail发邮件遇到ssl验证问题
litong835881846的博客
11-09 2177
问题描述如下: 解决方案: 一、首先要在浏览器打开需要证书的网站,然后把证书下载下来,保存的证书名称随意命名,只要保证唯一性(这个唯一性下文有解释) 二、然后把证书复制到%JAVA_HOME%/jre/bin/路径下,即保证证书与keytool.exe文件同目录(其实不同也行,但是执行命令时需要指定路径) 三、导入过程如下: 前提:配置环境变量:export PATH=/usr/java/jdk...
JavaMailSender发送邮件账户连接超时问题
weixin_37096493的博客
03-21 2111
使用场景,公司要用飞书邮箱做一个公共邮箱用来发送邮件,qq邮箱和163邮箱这种有对外授权码的很容易实现,但是遇到了飞书这种提供公众邮箱需要配置端口的时候,一直得不到transport的响应,弄了半天才找到原因,记录一下: 不多bb先上正确的配置: 在这里说一下,smtp协议的端口有俩种,465和25,分别是基于ssl加密协议以及普通的协议端口 如果配置spring java mail的端口是25,protocol必须是smtp,如果配置的端口是465,protocol必须是smtps 理由:如果不指定
JavaMail如何使用SSL证书
最新发布
wodianping的博客
07-25 1068
JavaMailJava语言中用于发送和接收邮件的API,在使用JavaMail时我们可以选择使用SSL证书来提高邮件通信的安全性。在使用SSL证书时,我们需要先获取证书并保存到本地,然后在JavaMail中进行配置,并通过JavaMail提供的API发送和接收邮件。在上述代码中,我们设置了邮件传输协议为smtp,邮件服务器地址为smtp.example.com,开启邮件服务器认证,SMTP协议的端口号为465,启用SSL加密,并设置SSL协议的端口号为465。在使用SSL证书之前,我们需要先获取证书
java Mail发邮件 smtp被TLS加密认证不了的解决方案
热门推荐
小江的专栏
12-12 5万+
开始测试前,要确保发邮件的服务器的smtp服务可用。 不然会抛出异常: Sending the email to the following server failed : m.xxx.com:25 Caused by: javax.mail.AuthenticationFailedException: 334 NTLM supported 然后介绍下我的开发环境(conte
java 不验证证书,不带身份验证信任证书JavaMail SSL,无论如何
weixin_39526459的博客
02-24 365
I have a local mail server (hMailServer) with SSL (port 465) and a self-signed certificate.Domain is "foobar.com"I have setup my Properties to enable ssl, disable auth, and trust any hostprops.put("ma...
java https绕过服务器端证书
dawuafang
12-20 177
整这个代码真有够麻烦的。 先说原理吧,https网站服务器都是有证书的! 之所以google和12306表现不一,是因为12306的证书是什么 “SRCA”,铁道部自己的CA服务器签发的,并不被浏览器或操作系统(至少我的firefox就不认它)广泛接受! Google的证书也是Google的CA服务器签发的,不过被认可,没办法。。。 建行CCB的证书是VeriSign签发的,这个基本所有...
java发送邮件不需要验证_用javamail免认证方式发送邮件给163.com的用户的完整代码实例。......
weixin_35968240的博客
02-28 1826
java代码:---------------------------------------------------------------------------------------package com.lizongbo;import java.util.*;import javax.mail.internet.*;import javax.mail.*;/*** Title: javam...
java导入的包标红_java mail导入证书
weixin_30454067的博客
02-25 279
linux1.java mail导入证书:cd jdk1.6.0_13\jre\lib\securitykeytool -import -alias cacerts -keystore cacerts -file?$INSTALL/exchange_certnew.cer-trustcacerts标红处为证书的全路径此时命令行会提示你输入cacerts证书库密码java中cacerts证书库默认密...
Java实现邮箱验发送证码、代码示例【qq邮箱】
苏凯的博客
09-05 1126
一.进入发送者邮箱设置参数,这里以qq邮箱为例: 开启服务: 需要发送验证码: 授权码就是登入邮箱的密码:   导入邮件Jar包: 自己网上下载 邮件发送工具包 MailUtils.java package com.common.utils; import java.util.Properties; import javax.mail.Authentica...
全文检索邮件代理服务平台:JavaMail与Lucene实现
“支持全文检索的邮件代理服务平台——用户注册管理及JavaMail的应用与实现”是一个基于J2EE规范构建的系统,旨在解决用户对多个邮箱的管理问题,并提供全文检索功能。该系统利用JavaMailAPI处理邮件的发送和接收,...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值