首页 常见问题 https证书校验出现异常该如何解决

https证书校验出现异常该如何解决

https证书校验出现异常该如何解决?https证书(即SSL证书)校验是一个正常的流程,因为只有校验通过才会起到安全保障的作用。通常会对域名、证书链、证书是否过期等进行校验,如果出现异常应该怎么解决呢?以下就举例说明。

如果https证书校验过程中出现“unable to find valid certification path to requested target”这种报错,解决方法如下:

1)导入证书到本地证书库

2)信任所有https证书

最好的解决办法或许是信任所有https证书,因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法,在连接openConnection的时候忽略掉证书就行了。

SslUtils.java

import java.security.cert.CertificateException;
  
  import java.security.cert.X509Certificate;
  
  import javax.net.ssl.HostnameVerifier;
  
  import javax.net.ssl.HttpsURLConnection;
  
  import javax.net.ssl.SSLContext;
  
  import javax.net.ssl.SSLSession;
  
  import javax.net.ssl.TrustManager;
  
  import javax.net.ssl.X509TrustManager;
  
  public class SslUtils {private static void trustAllHttpsCertificates() throws Exception {
  
  TrustManager[] trustAllCerts = new TrustManager[1];
  
  TrustManager tm = new miTM();
  
  trustAllCerts[0] = tm;
  
  SSLContext sc = SSLContext.getInstance(“SSL”);
  
  sc.init(null, trustAllCerts, null);
  
  HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  
  }
  
  static class miTM implements TrustManager,X509TrustManager {
  
  public X509Certificate[] getAcceptedIssuers() {
  
  return null;
  
  }
  
  public boolean isServerTrusted(X509Certificate[] certs) {
  
  return true;
  
  }
  
  public boolean isClientTrusted(X509Certificate[] certs) {
  
  return true;
  
  }
  
  public void checkServerTrusted(X509Certificate[] certs, String authType)
  
  throws CertificateException {
  
  return;
  
  }
  
  public void checkClientTrusted(X509Certificate[] certs, String authType)
  
  throws CertificateException {
  
  return;
  
  }
  
  }
  
  /**
  
  * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
  
  * @throws Exception
  
  */
  
  public static void ignoreSsl() throws Exception{
  
  HostnameVerifier hv = new HostnameVerifier() {
  
  public boolean verify(String urlHostName, SSLSession session) {
  
  System.out.println(“Warning: URL Host: ” + urlHostName + ” vs. ” + session.getPeerHost());
  
  return true;
  
  }
  
  };
  
  trustAllHttpsCertificates();
  
  HttpsURLConnection.setDefaultHostnameVerifier(hv);
  
  }
  
  }

SslTest.java:

import java.io.OutputStreamWriter;
  
  import java.net.URL;
  
  import java.net.URLConnection;
  
  import org.apache.commons.io.IOUtils;
  
  public class SslTest {
  
  public String getRequest(String url,int timeOut) throws Exception{
  
  URL u = new URL(url);
  
  if(“https”.equalsIgnoreCase(u.getProtocol())){
  
  SslUtils.ignoreSsl();
  
  }
  
  URLConnection conn = u.openConnection();
  
  conn.setConnectTimeout(timeOut);
  
  conn.setReadTimeout(timeOut);
  
  return IOUtils.toString(conn.getInputStream());
  
  }
  
  public String postRequest(String urlAddress,String args,int timeOut) throws Exception{
  
  URL url = new URL(urlAddress);
  
  if(“https”.equalsIgnoreCase(url.getProtocol())){
  
  SslUtils.ignoreSsl();
  
  }
  
  URLConnection u = url.openConnection();
  
  u.setDoInput(true);
  
  u.setDoOutput(true);
  
  u.setConnectTimeout(timeOut);
  
  u.setReadTimeout(timeOut);
  
  OutputStreamWriter osw = new OutputStreamWriter(u.getOutputStream(), “UTF-8”);
  
  osw.write(args);
  
  osw.flush();
  
  osw.close();
  
  u.getOutputStream();
  
  return IOUtils.toString(u.getInputStream());
  
  }
  
  public static void main(String[] args) {
  
  try {
  
  SslTest st = new SslTest();
  
  String a = st.getRequest(“https://xxx.com/login.action”, 3000);
  
  System.out.println(a);
  
  } catch (Exception e) {
  
  e.printStackTrace();
  
  }
  
  }
  
  }

https证书校验出现报错异常就可以按照以上方法来解决。

© 2024 SSL证书评测网 - 专业为大家推荐评测多个国际知名便宜SSL证书品牌(包括Symantec、GeoTrust、Comodo、GlobalSign等)的SSL证书/https证书/代码签名证书申请方案。