首页 文章

如何使用Apache HttpClient处理无效的SSL证书?

提问于
浏览
113

我知道,关于这个问题有很多不同的问题和很多答案...但我无法理解......

我有:ubuntu-9.10-desktop-amd64 NetBeans6.7.1从“关闭”按“原样”安装 . 代表 . 我需要通过HTTPS连接到某个站点 . 为此我使用Apache的HttpClient .

从教程我读到:

“一旦正确安装了JSSE,通过SSL进行的安全HTTP通信就应该如此
简单的HTTP通信 . “还有一些例子:

HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://www.verisign.com/"); 
try { 
  httpclient.executeMethod(httpget);
  System.out.println(httpget.getStatusLine());
} finally {
  httpget.releaseConnection();
}

到现在为止,我写道:

HttpClient client = new HttpClient();

HttpMethod get = new GetMethod("https://mms.nw.ru");
//get.setDoAuthentication(true);

try {
    int status = client.executeMethod(get);
    System.out.println(status);

    BufferedInputStream is = new BufferedInputStream(get.getResponseBodyAsStream());
    int r=0;byte[] buf = new byte[10];
    while((r = is.read(buf)) > 0) {
        System.out.write(buf,0,r);
    }

} catch(Exception ex) {
    ex.printStackTrace();
}

结果我有一组错误:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1627)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:204)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:198)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
        at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        at simpleapachehttp.Main.main(Main.java:41)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205)
        at sun.security.validator.Validator.validate(Validator.java:235)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
        ... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:191)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297)
        ... 23 more

我该怎么做才能创建最简单的SSL连接? (可能没有KeyManager和信任经理等 . )

java ssl https httpclient

18 回答

  • 152

    一旦你有了一个Java Cert Store(通过使用上面创建的优秀的InstallCert类),你可以通过在java启动时传递"javax.net.ssl.trustStore" param来让java使用它 .

    例如:

    java -Djavax.net.ssl.trustStore=/path/to/jssecacerts MyClassName
    回复于
  • 1

    https://mms.nw.ru使用自签名证书,该证书显然不包含在默认的信任管理器集中 .

    您需要执行以下操作之一:

    • 使用接受任何证书的TrustManager配置SSLContext(参见下文)

    • 使用包含证书的相应信任存储配置SSLContext

    • 将该站点的证书添加到默认的Java信任库 .

    这是一个示例程序,它创建一个(几乎毫无 Value 的)SSL上下文,它接受任何证书:

    import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SSLTest {

    public static void main(String [] args) throws Exception {
        // configure the SSLContext with a TrustManager
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
        SSLContext.setDefault(ctx);

        URL url = new URL("https://mms.nw.ru");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
        System.out.println(conn.getResponseCode());
        conn.disconnect();
    }

    private static class DefaultTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }
}
    回复于
  • 0

    https://mms.nw.ru可能使用非认证机构颁发的证书 . 因此,您需要将证书添加到受信任的Java密钥存储区,如unable to find valid certification path to requested target中所述:

    在使用以https协议运行的启用SSL的服务器的客户端上工作时,如果服务器证书不是由证书颁发机构颁发,而是自签名或已颁发,则可能会收到错误“无法找到所请求目标的有效证书路径”通过私人CMS . 不要惊慌 . 如果客户端是用Java编写的,那么您需要做的就是将服务器证书添加到受信任的Java密钥存储区 . 您可能想知道如何无法访问安装服务器的计算机 . 有一个简单的程序可以帮助你 . 请下载Java程序并运行%java InstallCert web_site_hostname
    此程序打开与指定主机的连接并启动SSL握手 . 它打印出现的错误的异常堆栈跟踪,并显示服务器使用的证书 . 现在,它会提示您将证书添加到受信任的KeyStore . 如果您改变主意,请输入“q” . 如果您确实要添加证书,请输入“1”或其他数字以添加其他证书,甚至是CA证书,但您通常不希望这样做 . 一旦做出选择,程序将显示完整的证书,然后将其添加到当前目录中名为“jssecacerts”的Java KeyStore . 要在程序中使用它,请将JSSE配置为将其用作信任库,或将其复制到$ JAVA_HOME / jre / lib / security目录中 . 如果您希望所有Java应用程序将证书识别为受信任而不仅仅是JSSE,您还可以覆盖该目录中的cacerts文件 . 毕竟,JSSE将能够与主机完成握手,您可以通过再次运行程序来验证 . 要获得更多详细信息,您可以查看Leeland的博客不再“无法找到要求目标的有效证书路径”

    回复于
  • 0

    除了Pascal Thivent的正确答案之外,另一种方法是从Firefox(查看证书 - >详细信息 - >导出)或 openssl s_client 保存证书并将其导入信任库 .

    只有在有办法验证证书时才应该这样做 . 如果失败了,在第一次连接时执行此操作,如果证书在后续连接中意外更改,则至少会给您一个错误 .

    要在信任库中导入它,请使用:

    keytool -importcert -keystore truststore.jks -file servercert.pem

    默认情况下,默认信任库应为 lib/security/cacerts ,其密码应为 changeit ,有关详细信息,请参阅JSSE Reference guide .

    如果你没有't want to allow that certificate globally, but only for these connections, it'可以为它创建一个 SSLContext

    TrustManagerFactory tmf = TrustManagerFactory
    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream("/.../truststore.jks");
ks.load(fis, null);
// or ks.load(fis, "thepassword".toCharArray());
fis.close();

tmf.init(ks);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);

    然后,您需要为Apache HTTP Client 3.x设置它,如果它的SecureProtocolSocketFactory使用此 SSLContext ,则执行一个 . (有例子here) .

    Apache HTTP Client 4.x(除了最早的版本)直接支持传递 SSLContext .

    回复于
  • 2

    来自http://hc.apache.org/httpclient-3.x/sslguide.html

    Protocol.registerProtocol("https", 
new Protocol("https", new MySSLSocketFactory(), 443));
HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://www.whatever.com/");
try {
  httpclient.executeMethod(httpget);
      System.out.println(httpget.getStatusLine());
} finally {
      httpget.releaseConnection();
}

    哪里可以找到MySSLSocketFactory示例here . 它引用了 TrustManager ,您可以修改它以信任所有内容(尽管您必须考虑这一点!)

    回复于
  • 0

    Apache HttpClient 4.5方式:

    org.apache.http.ssl.SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
sslContextBuilder.loadTrustMaterial(new org.apache.http.conn.ssl.TrustSelfSignedStrategy());
SSLContext sslContext = sslContextBuilder.build();
org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
        new SSLConnectionSocketFactory(sslContext, new org.apache.http.conn.ssl.DefaultHostnameVerifier());

HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslSocketFactory);
httpClient = httpClientBuilder.build();

    注意: org.apache.http.conn.ssl.SSLContextBuilderdeprecatedorg.apache.http.ssl.SSLContextBuilder 是新的(注意后者的包名中缺少 conn ) .

    回复于
  • 4

    对于Apache HttpClient 4.5和Java8:

    SSLContext sslContext = SSLContexts.custom()
        .loadTrustMaterial((chain, authType) -> true).build();

SSLConnectionSocketFactory sslConnectionSocketFactory =
        new SSLConnectionSocketFactory(sslContext, new String[]
        {"SSLv2Hello", "SSLv3", "TLSv1","TLSv1.1", "TLSv1.2" }, null,
        NoopHostnameVerifier.INSTANCE);
CloseableHttpClient client = HttpClients.custom()
        .setSSLSocketFactory(sslConnectionSocketFactory)
        .build();

    But if your HttpClient use a ConnectionManager for seeking connection, e.g. like this:

    PoolingHttpClientConnectionManager connectionManager = new 
         PoolingHttpClientConnectionManager();

 CloseableHttpClient client = HttpClients.custom()
            .setConnectionManager(connectionManager)
            .build();

    The HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory) has no effect ,问题没有解决 .

    因为HttpClient使用指定的connectionManager来寻求连接,并且指定的connectionManager没有注册我们的自定义SSLConnectionSocketFactory . 要解决此问题,应在connectionManager中注册自定义的SSLConnectionSocketFactory . 正确的代码应该是这样的:

    PoolingHttpClientConnectionManager connectionManager = new 
    PoolingHttpClientConnectionManager(RegistryBuilder.
                <ConnectionSocketFactory>create()
      .register("http",PlainConnectionSocketFactory.getSocketFactory())
      .register("https", sslConnectionSocketFactory).build());

CloseableHttpClient client = HttpClients.custom()
            .setConnectionManager(connectionManager)
            .build();
    回复于
  • 0

    您可能遇到的自签名测试证书的另一个问题是:

    java.io.IOException:HTTPS主机名错误:应该是......

    当您尝试访问HTTPS网址时会发生此错误 . 您可能已经将服务器证书安装到JRE的密钥库中 . 但是,此错误意味着服务器证书的名称与URL中提到的服务器的实际域名不匹配 . 当您使用非CA颁发的证书时,通常会发生这种情况 .

    此示例显示如何编写忽略证书服务器名称的HttpsURLConnection DefaultHostnameVerifier:

    http://www.java-samples.com/showtutorial.php?tutorialid=211

    回复于
  • 10

    有关在运行时轻松添加您信任的主机而不丢弃所有检查的方法,请尝试以下代码:http://code.google.com/p/self-signed-cert-trust-manager/ .

    回复于
  • 9

    EasySSLProtocolSocketFactory给了我问题所以我最终实现了自己的ProtocolSocketFactory .

    首先你需要注册它:

    Protocol.registerProtocol("https", new Protocol("https", new TrustAllSSLSocketFactory(), 443));

HttpClient client = new HttpClient();
...

    然后实现ProtocolSocketFactory:

    class TrustAllSSLSocketFactory implements ProtocolSocketFactory {

    public static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[]{
        new X509TrustManager() {
            public void checkClientTrusted(final X509Certificate[] certs, final String authType) {

            }

            public void checkServerTrusted(final X509Certificate[] certs, final String authType) {

            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }
    };

    private TrustManager[] getTrustManager() {
        return TRUST_ALL_CERTS;
    }

    public Socket createSocket(final String host, final int port, final InetAddress clientHost,
                               final int clientPort) throws IOException {
        return getSocketFactory().createSocket(host, port, clientHost, clientPort);
    }

    @Override
    public Socket createSocket(final String host, final int port, final InetAddress localAddress,
                               final int localPort, final HttpConnectionParams params) throws IOException {
        return createSocket(host, port);
    }

    public Socket createSocket(final String host, final int port) throws IOException {
        return getSocketFactory().createSocket(host, port);
    }

    private SocketFactory getSocketFactory() throws UnknownHostException {
        TrustManager[] trustAllCerts = getTrustManager();

        try {
            SSLContext context = SSLContext.getInstance("SSL");
            context.init(null, trustAllCerts, new SecureRandom());

            final SSLSocketFactory socketFactory = context.getSocketFactory();
            HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
            return socketFactory;
        } catch (NoSuchAlgorithmException | KeyManagementException exception) {
            throw new UnknownHostException(exception.getMessage());
        }
    }
}

    注意:这是使用HttpClient 3.1和Java 8

    回复于
  • 23

    想在这里粘贴答案:

    在Apache HttpClient 4.5.5中

    How to handle invalid SSL certificate with Apache client 4.5.5?

    HttpClient httpClient = HttpClients
            .custom()
            .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, TrustAllStrategy.INSTANCE).build())
            .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
            .build();
    回复于
  • 44

    link解释了您一步一步的要求 . 如果您不关心哪个证书可以继续下面的链接进程 .

    注意您可能想要仔细检查自己正在做什么,这是一个不安全的操作 .

    回复于
  • 0

    使用 InstallCert 生成 jssecacerts 文件并且 -Djavax.net.ssl.trustStore=/path/to/jssecacerts 工作得很好 .

    回复于
  • 0

    我正在使用httpclient 3.1.X,这对我有用

    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        sslContext.init(null, new TrustManager[]{trustManager}, null);
        SslContextSecureProtocolSocketFactory socketFactory = new SslContextSecureProtocolSocketFactory(sslContext,false);
        Protocol.registerProtocol("https", new Protocol("https", (ProtocolSocketFactory) socketFactory, 443));//同样会影响到HttpUtils
    } catch (Throwable e) {
        e.printStackTrace();

    }

    public class SslContextSecureProtocolSocketFactory implements      SecureProtocolSocketFactory {

private SSLContext sslContext;
private boolean verifyHostname;

public SslContextSecureProtocolSocketFactory(SSLContext sslContext, boolean verifyHostname) {
    this.verifyHostname = true;
    this.sslContext = sslContext;
    this.verifyHostname = verifyHostname;
}

public SslContextSecureProtocolSocketFactory(SSLContext sslContext) {
    this(sslContext, true);
}

public SslContextSecureProtocolSocketFactory(boolean verifyHostname) {
    this((SSLContext)null, verifyHostname);
}

public SslContextSecureProtocolSocketFactory() {
    this((SSLContext)null, true);
}

public synchronized void setHostnameVerification(boolean verifyHostname) {
    this.verifyHostname = verifyHostname;
}

public synchronized boolean getHostnameVerification() {
    return this.verifyHostname;
}

public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
    SSLSocketFactory sf = this.getSslSocketFactory();
    SSLSocket sslSocket = (SSLSocket)sf.createSocket(host, port, clientHost, clientPort);
    this.verifyHostname(sslSocket);
    return sslSocket;
}

public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
    if(params == null) {
        throw new IllegalArgumentException("Parameters may not be null");
    } else {
        int timeout = params.getConnectionTimeout();
        Socket socket = null;
        SSLSocketFactory socketfactory = this.getSslSocketFactory();
        if(timeout == 0) {
            socket = socketfactory.createSocket(host, port, localAddress, localPort);
        } else {
            socket = socketfactory.createSocket();
            InetSocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
            InetSocketAddress remoteaddr = new InetSocketAddress(host, port);
            socket.bind(localaddr);
            socket.connect(remoteaddr, timeout);
        }

        this.verifyHostname((SSLSocket)socket);
        return socket;
    }
}

public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
    SSLSocketFactory sf = this.getSslSocketFactory();
    SSLSocket sslSocket = (SSLSocket)sf.createSocket(host, port);
    this.verifyHostname(sslSocket);
    return sslSocket;
}

public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
    SSLSocketFactory sf = this.getSslSocketFactory();
    SSLSocket sslSocket = (SSLSocket)sf.createSocket(socket, host, port, autoClose);
    this.verifyHostname(sslSocket);
    return sslSocket;
}

private void verifyHostname(SSLSocket socket) throws SSLPeerUnverifiedException, UnknownHostException {
    synchronized(this) {
        if(!this.verifyHostname) {
            return;
        }
    }

    SSLSession session = socket.getSession();
    String hostname = session.getPeerHost();

    try {
        InetAddress.getByName(hostname);
    } catch (UnknownHostException var10) {
        throw new UnknownHostException("Could not resolve SSL sessions server hostname: " + hostname);
    }

    X509Certificate[] certs = (X509Certificate[])((X509Certificate[])session.getPeerCertificates());
    if(certs != null && certs.length != 0) {
        X500Principal subjectDN = certs[0].getSubjectX500Principal();
        List cns = this.getCNs(subjectDN);
        boolean foundHostName = false;
        Iterator i$ = cns.iterator();
        AntPathMatcher matcher  = new AntPathMatcher();
        while(i$.hasNext()) {
            String cn = (String)i$.next();
            if(matcher.match(cn.toLowerCase(),hostname.toLowerCase())) {
                foundHostName = true;
                break;
            }
        }

        if(!foundHostName) {
            throw new SSLPeerUnverifiedException("HTTPS hostname invalid: expected \'" + hostname + "\', received \'" + cns + "\'");
        }
    } else {
        throw new SSLPeerUnverifiedException("No server certificates found!");
    }
}

private List<String> getCNs(X500Principal subjectDN) {
    ArrayList cns = new ArrayList();
    StringTokenizer st = new StringTokenizer(subjectDN.getName(), ",");

    while(st.hasMoreTokens()) {
        String cnField = st.nextToken();
        if(cnField.startsWith("CN=")) {
            cns.add(cnField.substring(3));
        }
    }

    return cns;
}

protected SSLSocketFactory getSslSocketFactory() {
    SSLSocketFactory sslSocketFactory = null;
    synchronized(this) {
        if(this.sslContext != null) {
            sslSocketFactory = this.sslContext.getSocketFactory();
        }
    }

    if(sslSocketFactory == null) {
        sslSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
    }

    return sslSocketFactory;
}

public synchronized void setSSLContext(SSLContext sslContext) {
    this.sslContext = sslContext;
}

    }

    回复于
  • 1

    对于HttpClient,我们可以这样做:

    SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
        SSLContext.setDefault(ctx);

        String uri = new StringBuilder("url").toString();

        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        };

        HttpClient client = HttpClientBuilder.create().setSSLContext(ctx)
                .setSSLHostnameVerifier(hostnameVerifier).build()
    回复于
  • 4

    按照下面给出的Java 1.7的说明,使用InstallCert.java程序文件创建SSL证书 .

    https://github.com/escline/InstallCert

    你必须重新启动tomcat

    回复于
  • 0

    将以下内容与DefaultTrustManager一起使用,它在httpclient中工作,如charm . 万分感谢!! @Kevin和其他所有贡献者

    SSLContext ctx = null;
    SSLConnectionSocketFactory sslsf = null;
    try {

        ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
        SSLContext.setDefault(ctx);

        sslsf = new SSLConnectionSocketFactory(
                ctx,
                new String[] { "TLSv1" },
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    } catch (Exception e) {
        e.printStackTrace();
    }

     CloseableHttpClient client = HttpClients.custom()
            .setSSLSocketFactory(sslsf)
            .build();
    回复于
  • 3

    我碰巧遇到了同样的问题,突然间我的所有进口都丢失了 . 我尝试删除.m2文件夹中的所有内容 . 并尝试重新导入所有内容,但仍然无效 . 最后,我所做的是打开了IDE抱怨它无法在我的浏览器中下载的网站 . 并看到它正在使用的证书,并在我看到

    $ keytool -v -list  PATH_TO_JAVA_KEYSTORE

    我的密钥库的路径是/Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/security/cacerts

    那个特定的证书不存在 .

    因此,您所要做的就是再次将证书放入JAVA JVM密钥库 . 可以使用以下命令完成 .

    $ keytool -import -alias ANY_NAME_YOU_WANT_TO_GIVE -file PATH_TO_YOUR_CERTIFICATE -keystore PATH_OF_JAVA_KEYSTORE

    如果要求输入密码,请尝试使用默认密码'changeit'如果在运行上述命令时出现权限错误 . 在Windows中以管理模式打开它 . 在mac和unix中使用sudo .

    成功添加密钥后,您可以使用以下方法查看密钥:

    $ keytool -v -list  /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/security/cacerts

    您可以使用teh命令查看SHA-1

    $ keytool -list  /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/security/cacerts
    回复于

相关问题