PKIX Path Building failed problem when HTTPS connection occurs

Source: Internet
Author: User

The first method: download the site's security certificate and import it into the JRE trust store. This is the traditional approach. Its advantage is that it stays secure: the JVM still validates the server's certificate chain, it just now has the missing trust anchor. Its disadvantage is inflexibility: whenever the site replaces its certificate (or its issuing CA), the new certificate has to be downloaded and imported again.

sudo keytool -import -noprompt -trustcacerts -alias ctsite -file /Users/zhanghao/Desktop/sslvpn.cer -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib

Two things to check before running this: the -keystore argument must name the trust store file itself (the JRE's cacerts, which lives under lib/security inside the JRE home; the default password is changeit), whereas the command as quoted stops at the lib directory; and the file you import should be the certificate you actually obtained from the site or its CA, not one that arrived over the same untrusted connection you are trying to fix. Afterwards confirm the entry exists with keytool -list -keystore <cacerts> -alias ctsite, and restart the JVM, since the trust store is read at startup.

The second method: connect despite the untrusted certificate by supplying your own trust decision for the site. This is a different approach whose advantage is flexibility: a replaced or expired site certificate no longer breaks the system. Its disadvantage is the risk it introduces, and that risk is not negligible: the implementation below accepts every certificate chain, so server authentication is switched off and anyone able to interpose on the connection (on the network path, through a compromised proxy, or via DNS) can impersonate the site and read or alter the real-name authentication exchange. Hostname verification alone does not compensate, because an attacker's certificate carrying the right name is accepted just like the genuine one. The second method is recommended here for flexibility; read the caveat above before copying it. The concrete implementation from the case is as follows:

In the Weibo real-name authentication flow, the system communicates with a third-party platform over HTTPS. When that platform replaced its website security certificate, the connection from the authentication system failed. Investigation found that the original approach (using org.codehaus.xfire.transport.http.EasySSLProtocolSocketFactory) no longer validated the new certificate, so it was reworked to trust the certificate unconditionally whenever the HTTPS connection is made, to avoid future breakage when the certificate is replaced again.

Original connection mode (using org.codehaus.xfire.transport.http.EasySSLProtocolSocketFactory with the Commons HttpClient 3.x API):

Explanation of EasySSLProtocolSocketFactory (from online sources). Keywords: self-signed certificate; should not be used in a production environment.

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.codehaus.xfire.transport.http.EasySSLProtocolSocketFactory;

// Register an "https" protocol whose socket factory accepts self-signed certificates
ProtocolSocketFactory easy = new EasySSLProtocolSocketFactory();
Protocol protocol = new Protocol("https", easy, 443);
Protocol.registerProtocol("https", protocol);

// Example of constructing the HttpClient
HttpClient httpClient = new HttpClient();
httpClient.getHostConfiguration().setHost("auth.cnidrz.cn", 443, protocol);
httpClient.getParams().setParameter(HttpMethodParams.HTTP_CONTENT_CHARSET, "UTF-8");

// Create an instance of the GET method (url is the authentication endpoint)
GetMethod getMethod = new GetMethod(url);

try {
    // Application-specific helper (not shown on this page); it is called first so that the site is trusted
    BindPersonalId_DirectAction.trustAllHttpsCertificates();

    // Execute the GET method
    int statusCode = httpClient.executeMethod(getMethod);
    if (statusCode != HttpStatus.SC_OK) {
        System.err.println("Method failed: " + getMethod.getStatusLine());
    }

    // Read the response body
    temp_id = getMethod.getResponseBodyAsString();
} catch (Exception e) {
    e.printStackTrace();
    throw new Exception("Authentication failed, reason: [authentication system exception].");
} finally {
    // Release the connection
    getMethod.releaseConnection();
}

Current connection mode (implementing the X509TrustManager interface, Apache HttpClient 4.x API):

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.CoreProtocolPNames;
import org.apache.http.util.EntityUtils;

// Create a default HttpClient instance
HttpClient httpClient = new DefaultHttpClient();

// Create a TrustManager that accepts every certificate chain.
// WARNING: this disables server authentication; anyone able to intercept the connection can impersonate the site.
X509TrustManager xtm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    // Return an empty array rather than null: some JSSE code paths dereference the result
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
};

try {
    // TLS 1.0 is the successor of SSL 3.0 (SSL 3.0 itself is broken and deprecated); both are served by the same SSLContext.
    // Note: the post reports that in its tests this had to be "SSL" rather than "TLS". In the JDK's SunJSSE provider the two
    // names are aliases for the same context with the same default protocols, so "TLS" is the clearer choice.
    SSLContext ctx = SSLContext.getInstance("SSL");

    // Initialise the context with the TrustManager; it is consulted only by SSL sockets created from this context
    ctx.init(null, new TrustManager[]{xtm}, null);

    // Create the SSLSocketFactory
    SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);

    // Register the SSLSocketFactory for "https" in our HttpClient's SchemeRegistry
    httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", socketFactory, 443));

    // HttpClient 4 parameter name; HttpMethodParams is the 3.x class and does not compile here
    httpClient.getParams().setParameter(CoreProtocolPNames.HTTP_CONTENT_CHARSET, "UTF-8");

    // Create an instance of the HttpGet method (url is the authentication endpoint)
    HttpGet httpGet = new HttpGet(url);

    // Execute
    HttpResponse response = httpClient.execute(httpGet);

    if (response.getStatusLine().getStatusCode() == 200) {
        // Read the response entity
        HttpEntity entity = response.getEntity();
        if (null != entity) {
            temp_id = EntityUtils.toString(entity, "UTF-8");
        }
    } else {
        System.out.println("Get temp_id: the authentication platform has an internal error!");
    }
} catch (Exception e) {
    e.printStackTrace();
    throw new Exception("Authentication failed, reason: [authentication system exception].");
} finally {
    // Close the connection and release resources
    httpClient.getConnectionManager().shutdown();
}
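The following is an added example, not code from the original post or from the authentication system it describes. It shows the middle ground between the two methods above: instead of editing the JDK's cacerts (method one) or accepting every chain (method two), the application loads the certificate file it ships with (the site's issuing CA, or the site certificate itself) into an in-memory trust store and builds an SSLContext from it, so the JVM still performs full PKIX path validation but only against that anchor. Everything here is assumption for illustration: the class name TrustOnlyPinnedCerts, the command-line arguments, and the use of the JDK's own HttpsURLConnection rather than HttpClient; the SSLContext it returns can equally be passed to new SSLSocketFactory(ctx) in the HttpClient 4 code above in place of the trust-all one.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (not from the original post): trust only the certificate(s) shipped with the application.
public class TrustOnlyPinnedCerts {

    // Build an SSLContext whose sole trust anchors are the certificates in certFile
    // (DER or PEM, one or more: e.g. the site's issuing CA, or the site certificate itself).
    // The JDK's cacerts is not consulted and nothing else is trusted.
    public static SSLContext contextTrusting(String certFile) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                       // empty, in-memory trust store
        int count = 0;
        try (InputStream in = new FileInputStream(certFile)) {
            for (Certificate c : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("pinned-" + count++, c);
            }
        }
        if (count == 0) {
            throw new IllegalArgumentException("no X.509 certificates found in " + certFile);
        }
        // Default algorithm is PKIX: the normal chain building and validation, just with our anchors
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // GET url with that context. A server whose chain does not lead to a pinned certificate fails with the
    // familiar "PKIX path building failed" SSLHandshakeException, which is the desired outcome.
    // The default HostnameVerifier is kept, so the certificate must also match the host in the URL.
    public static String fetch(String certFile, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(contextTrusting(certFile).getSocketFactory());
        conn.setRequestProperty("Accept-Charset", "UTF-8");
        try (InputStream in = conn.getInputStream()) {          // throws on non-2xx status as well
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                body.write(buf, 0, n);
            }
            return new String(body.toByteArray(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustOnlyPinnedCerts <ca-or-site.cer> <https-url>");
            System.exit(2);
        }
        System.out.println(fetch(args[0], args[1]));
    }
}
```

Pin the issuing CA rather than the leaf certificate where possible: routine renewals signed by the same CA then keep working, which removes the re-import problem of method one, while a certificate from any other issuer is still rejected. During a CA rotation, put both the old and the new CA certificate in the file; since the trust store is rebuilt from that file at runtime, swapping the file is the whole change, with no keytool run against the JDK and no restart of anything but the application.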
