Connect with HTTP, the client code is relatively simple, directly using the URL class to connect and get the input stream. HTTPS does not require a client certificate, and the server-side certificate is already trusted and is as easy as HTTP. When verifying a certificate for a fee of thousands of yuan a year, in order to save money, this is mainly to say Java access to unauthenticated certificates of HTTPS access.
There are usually two scenarios: 1, import the certificate into the Truststore file, 2, and modify the implementation of the X509 certificate trust manager class. Recommend the use of the first option, we can try to make the server's certificate stable, not in use to modify it.
The first step is to export the server-side certificate. Use IE to connect the address, then appear the Certificate confirmation box, click View Certificate-details, click Copy to File, select Base64 encoding, export save file for Test.cert.
In the second step, import the certificate from other files into the Truststore file.
Keytool-import-file Test.cer-keystore Test_store
Step three, set the Javax.net.ssl.trustStore system Properties of Java
System.setproperty ("Javax.net.ssl.trustStore", "D: \\test_store");/note is an absolute path
This allows access to our own HTTPS service via the HttpClient application interface.
Common errors: javax.net.ssl.SSLException:java.lang.RuntimeException:Unexpected error: Java.security.InvalidAlgorithmParameterException:the trustanchors parameter must be Non-empty exception, there are two situations:
1, no settings or file path settings error;
2, the certificate on the use of Keytool default JKS type can be, otherwise it will be an error, reference content
An implementation of PKCS12 as JCA keystore type "Pkcs12″. Storing trusted anchors in PKCS12 are not supported. Users should store trust anchors in JKS format and save private keys in PKCS12 format.
From http://www.cs.nyu.edu/artg/internet/Spring2006/readings/JSSERefGuide.html
No related posts.
Original link: http://www.wenhq.com/article/view_711.html