Some experiences in connecting the client to the server web service over https

The project needs to connect to the server using HTTPS to obtain some configuration parameters required by the system. Previously, HTTP was used for connection. The client code is relatively simple. You can directly use the URL class to connect and obtain the input stream. Try entering the corresponding HTTPS connection address in the browser and prompt for certificate confirmation. After confirmation, the content will be accessed.

After changing to https, some problems were encountered: javax.net. SSL. sslexception: Java. Lang. runtimeexception: Unexpected error: Java. Security. invalidalgorithmparameterexception: The trustanchors parameter must be non-empty. No way. Then Google finds that this problem is related to the certificate of the secure connection (security is not very familiar, but only the public key for verification ). Check that JDK provides certificate-related items. First, you need to get the certificate from the server. After thinking about it, ie seems to be okay. Try to use the IE connection address, and a prompt box is displayed, click View Certificate-Details, click Copy to file, select base64 encoding, export and generate AA. Cer. Then open it in notepad, as shown in the following figure:

----- Begin certificate -----
Bytes
Mqswcqydvqqgewjaqtelmcmga1uechmcvghhd3rlienvbnn1bhrpbmcgkfb0eskg
Bytes
J8thqj7stdhaistbtx/le0qplqlfkt3wqosrb5sqow/okv4w9m0txhwklsiyngdd
2 djnr/y4hprzmo7m/3 wstwo/uidpiftzd90sffcu + pdv41logq =
----- End certificate -----

You don't need to move this file. You can import it directly later.

PS: If you have already clicked the certificate confirmation, the link may be opened directly in the browser. In this case, you can click the "Lock" symbol under IE to view the certificate. After obtaining the certificate, you need to know it in the Java environment. In this example, JDK uses an exeand keytool.exe (available in % java_home %/bin, So If Java environment variables are configured, they can be called directly in the command line ). Enter the import command here:

D:/> keytool-import-file D:/Act/AA. cer-keystore D:/Act/CRT

Enter the keystore password: passwd
Owner: Cn = adapter18, ou = tech, O = unsap, L = SH, St = Shanghai, c = ZH
Sender: emailaddress = liuzhenwen@unsap.com, Cn = adapter18, ou = tech, O = unsap, L = sh
, St = Shanghai, c = ZH
No.: d
Validity Period: Fri Sep 26 13:44:35 CST 2008 to: Sat Sep 26 13:44:35 CST 2009
Authentication fingerprint:
MD5: D0: 01: B6: 83: E7: 60: CB: 7d: 3f: F3: F0: 04: 5f: 69: AA: 81
Sha1: 7c: 61: Ea: B6: 8d: 1c: D8: 38: 35: AC: 2f: 01: AC: 87: 73: 46: F7: 3f: 31: 98
Trust this certification? [No]: Y
The authentication has been added to the keystore.

D:/>

The three parameters represent the import operation, the imported Certificate file, and the place where the imported certificate is stored (PS: This path can be relative or absolute, but I have not succeeded in the experiment ). The user is prompted to enter the password for the certificate during the import process.

The certificate is successfully imported and named D:/Act/CRT.

 

Add two sentences to the Web service client program:

System. setproperty ("javax.net. SSL. truststore", "d:/Act/CRT ");
System. setproperty ("javax.net. SSL. truststorepassword", "passwd ");

Replace the IP address of the original HTTPS connection with the domain name, that is, the hostname when the certificate is generated. OK! The connection is successful.