javax.net.ssl.SSLException: Not trusted server certificate

最新推荐文章于 2024-06-13 16:48:07 发布
原创 最新推荐文章于 2024-06-13 16:48:07 发布 · 6k 阅读 · 5 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#server #ssl #null #exception #soap #session

本文介绍了解决Android项目中因未受信任的服务器证书导致的SSLException错误的方法。通过创建一个自定义的信任管理器来绕过证书验证,并设置默认的SSL套接字工厂和主机名验证器。

今天写项目遇到:

 

05-13 02:54:19.636: WARN/System.err(294): javax.net.ssl.SSLException: Not trusted server certificate
     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
     at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.getSecureSocket(HttpConnection.java:168)
     at org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnection$HttpsEngine.connect(HttpsURLConnection.java:398)
     at org.apache.harmony.luni.internal.net.www.protocol.https.HttpsURLConnection.connect(HttpsURLConnection.java:146)
     at org.ksoap2.transport.ServiceConnectionSE.connect(ServiceConnectionSE.java:75)
     at org.ksoap2.transport.HttpTransportSE.call(HttpTransportSE.java:136)
     at org.ksoap2.transport.HttpTransportSE.call(HttpTransportSE.java:90)
     at com.ceosoft.acemetrix.wsdl.WSDLClient.MakeCall(WSDLClient.java:130)
     at com.ceosoft.acemetrix.wsdl.WSDLClient.InvokeMethod(WSDLClient.java:108)
     at com.ceosoft.acemetrix.wsdl.WSDLClient.getDailyTop5(WSDLClient.java:146)
     at com.ceosoft.acemetrix.data.manager.DataManager$1.launch(DataManager.java:144)
     at com.ceosoft.acemetrix.data.DataTask.doInBackground(DataTask.java:74)
     at com.ceosoft.acemetrix.data.DataTask.doInBackground(DataTask.java:1)
     at android.os.AsyncTask$2.call(AsyncTask.java:185)
     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
     at java.util.concurrent.FutureTask.run(FutureTask.java:137)
     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
     at java.lang.Thread.run(Thread.java:1096)
     
      
     Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
     ... 18 more
     Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
     at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
     ... 19 more

 

 

-----------------------------------------------------------------------------------------------------

找了一些参考资料:

http://stackoverflow.com/questions/995514/https-connection-android#1000205

 

http://groups.google.com/group/android-developers/browse_thread/thread/62d856cdcfa9f16e/dd59b1998d23a660?lnk=gst&q=SSL+fake+cert#dd59b1998d23a660

 

------------------------------------------------------------------------------------------------

得到结论:

call allowAllSSL() before you do any SSL communication/call to ksoap2. It will register a new default HostnameVerifier and TrustManager. ksoap2, when doing its SSL communication, will use the default ones and it works like a charm.

 

-------------------------------------------------------------------------------------------------

解决方法:

 

在项目中添加类:

 

public class _FakeX509TrustManager implements X509TrustManager {

    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new
X509Certificate[] {};

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String
authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String
authType) throws CertificateException {
    }

    public boolean isClientTrusted(X509Certificate[] chain) {
            return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
            return true;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
            return _AcceptedIssuers;
    }

    public static void allowAllSSL() {
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
{
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                            return true;
                    }

            });

            SSLContext context = null;
            if (trustManagers == null) {
                    trustManagers = new TrustManager[] { new _FakeX509TrustManager() };
            }

            try {
                    context = SSLContext.getInstance("TLS");
                    context.init(null, trustManagers, new SecureRandom());
            } catch (NoSuchAlgorithmException e) {
                    e.printStackTrace();
            } catch (KeyManagementException e) {
                    e.printStackTrace();
            }

HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
    }

}

 

 

--------------然后在:

调用:

 

HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
         try
            {                

                _FakeX509TrustManager.allowAllSSL() ; // solution: javax.net.ssl.SSLException: Not trusted server certificate
                androidHttpTransport.call(soap_action, Envelope);
                SoapObject response = (SoapObject)Envelope.getResponse();
               
                return response;
            }
         catch(Exception e)
         {
             e.printStackTrace();
            
         }
         return null;

 

 

偶然
关注
Android之javax.net.ssl.SSLPeerUnverifiedException: Hostname ip not verified:解决办法
码莎拉蒂
06-08 2万+
1、问题用HttpURLConnection去请求的时候抛了下面的异常HttpRequest$HttpRequestException: javax.net.ssl.SSLPeerUnverifiedException: Hostname ip not verified:2、分析和解决从异常来看是因为SSL协议握手的过程中,这个服务度地址的证书没有被证实,被信任。client使用一个不同的Trus...
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException
yzpbright的博客
03-30 9107
使用的是okhttp,https请求报异常: Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorS
出现javax.net.ssl.SSLException: Not trusted server certificate错误
保卫的专栏
04-01 6134
WARN/CheckinService(1214): SSL error, attempting to fetch the time: javax.net.ssl.SSLException: Not trusted server certificate01-01 08:33:13.139: WARN/System.err(1682): java.io.FileNotFoundException:
HttpClient 使用时,出现「no trusted certificate found」的原因 (JDK没有安装相应的证明书)
sun0322
05-31 7717
■前言 访问的对象网站时 HTTPS 的。 (A程序,访问B中的HTTPS) ■原因 证明书,不识别 (A程序所在的服务器,不认可,HTTPS的证明书) ■解决 在 运行环境的jre中,导入 网站对应的证明书 (即,在A程序运行的服务器的环境中,安装证明书。) Keytool –import –keystore im.jks –file certificate.cer --- 证明书从 B中导出 ■查看当前证明书 进入到Jre的目录下,执行对应的命令 C...
打开Idea,弹出Server‘s certificate is not trusted 解决方法
R的博客
12-03 4627
打开idea,弹出Server's certificate is not trusted 解决方法
javax.net.ssl.SSLException 两种解决方法 链接https接口
zdreamLife的博客
08-25 3万+
1.第一种就是报错咱绕开验证这个环节 先创建一个类 MyX509TrustManager import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.X509TrustManager; public class MyX50...
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:No subject alternative
weixin_53273474的博客
10-28 2710
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:No subject alternative names present解决方案。
javax.net.ssl.SSLHadshakeException: sun.security.validator.VatorException: PKIX path building failed
AAbb895212798的博客
07-21 864
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed 我是在获取邮箱验证码时提示以上错误。错误明细如下: javax.mail.MessagingException: Could not connect to SMTP host: smtp.vip.163.com, port: 465; nested exception is: javax
【OKHttp】javax.net.ssl. SSLHandshakeException:PKIX path building failed
SportHappy的博客
03-07 6192
Android异常:java.lang.IllegalStateException: Unable to extract the trust manager on Android10Platform, sslSocketFactory is class com.android.org.conscrypt.OpenSSLSocketFactoryImpl web、java项目异常:javax.net.ssl. SSLHandshakeException:PKIX path building failed..
javax.net.ssl.SSLException 解决办法(踩坑)
热门推荐
星辰旋风的博客
06-07 10万+
刚刚安装了ubuntu18.04 ,运行/gradlew assembleDebug的时候报异常javax.net.ssl.SSLException     在网上找找别人的踩坑指南,找了很久很久,终于在stackoverflow上的一行小字找到了解决方法。点击打开链接 很简单,执行如下两句命令,重新生成获取证书即可。 sudo rm /etc/ssl/certs/java/cacer...
解决https,javax.net.ssl.SSLException: hostname in certificate didn‘t match 等问题
木辰風的博客
05-08 2972
问题原因:https链接需要验证证书,证书不匹配、过期等问题导致调用接口不成功 https不校验证书,代码: static { SSLSocketFactory socketFactory = new SSLSocketFactory(getSSLContext(), SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); SchemeRegistry schemeRegistry = new SchemeRegistry
Android局域网访问webservice以及其中的一些问题
dbvz4901的博客
02-18 210
应老师的要求,要做个安卓app,实现备份app上的数据到服务器上的mongodb上,网上搜了下相关的实现方式。利用webservice技术,具体来说就是客户端直接调用服务器端的接口。之前从来没接触这玩意儿,网上搜了个初学者入门的demo:Java WebService 简单实例。用myecipse写了服务器端的webservice: 1 package com.hyan.serv...
请求接口报错javax.net.ssl.SSLException: Received fatal alert: protocol_version
weixin_50306341的博客
06-13 3474
报错变成了:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target。重新测试,问题解决。
https请求报错解决:javax.net.ssl.SSLException: Not trusted ...
chuchu521的专栏
08-16 4009
通过https协议请求数据报错了一下错误: javax.net.ssl.SSLException: Not trusted server certificate exception. 在国外论坛上找了个解决的方案和大家分享。       我们需要自定义一个继承org.apache.http.conn.ssl.SSLSocketFactory的类,在android2.2 的SSLSocke
java开发https请求ssl不受信任问题
xiangbudao8的博客
10-12 4751
在java代码中请求https链接的时候,可能会报下面这个错误 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: u...
新浪微博:javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
LVXIANGAN的专栏
12-19 4462
问题在与  Utility类的getNewHttpClient方法 context.getSystemService(Context.WIFI_SERVICE); 访问了WIFI设备,但没有此权限会抛出异常,但该Coder在Catch返回了个DefaultHttpClient,导致异常抛出的是javax.net.ssl.SSLPeerUnverifiedException: No peer cer
springboot rabbitmq javax.net.ssl.SSLHandshakeException: No trusted certificate found
最新发布
06-13
### Spring Boot与RabbitMQ中的SSL握手异常解决方案 在Spring Boot与RabbitMQ集成时,如果出现`javax.net.ssl.SSLHandshakeException: No trusted certificate found`的异常,通常表明客户端无法验证服务器提供的SSL证书。以下是解决此问题的详细方法: #### 1. 配置RabbitMQ服务器以支持SSL 确保RabbitMQ服务器已正确配置SSL/TLS。需要生成一个有效的SSL证书,并将其添加到RabbitMQ的配置文件中[^1]。以下是一个典型的RabbitMQ SSL配置示例: ```plaintext listeners.ssl.default = 5671 ssl_options.cacertfile = /path/to/ca_certificate.pem ssl_options.certfile = /path/to/server_certificate.pem ssl_options.keyfile = /path/to/private_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false ``` #### 2. 导入服务器证书到Java信任库 在Spring Boot应用程序中,必须将RabbitMQ服务器的SSL证书导入到Java的信任库(TrustStore)中。以下是具体步骤: - 使用`keytool`命令将服务器证书导入到Java的信任库: ```bash keytool -import -alias rabbitmq-server -keystore $JAVA_HOME/lib/security/cacerts -file server_certificate.pem ``` 默认密码为`changeit`,但可能因环境而异。 #### 3. 配置Spring Boot应用程序以支持SSL 在Spring Boot中,可以通过配置`application.properties`或`application.yml`文件来启用SSL连接。例如,在`application.properties`中添加以下内容: ```properties spring.rabbitmq.host=localhost spring.rabbitmq.port=5671 spring.rabbitmq.username=guest spring.rabbitmq.password=guest spring.rabbitmq.ssl.enabled=true ``` 如果需要自定义信任库路径和密码,可以设置以下属性: ```properties spring.rabbitmq.ssl.trust-store=/path/to/truststore.jks spring.rabbitmq.ssl.trust-store-password=your_truststore_password ``` #### 4. 自定义RabbitMQ连接工厂 如果上述配置仍无法解决问题,可以通过编程方式自定义RabbitMQ的连接工厂。以下是一个代码示例: ```java import org.springframework.amqp.rabbit.connection.CachingConnectionFactory; import org.springframework.amqp.rabbit.connection.ConnectionFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import javax.net.ssl.TrustManagerFactory; import java.io.FileInputStream; import java.security.KeyStore; @Configuration public class RabbitMqConfig { @Bean public ConnectionFactory rabbitConnectionFactory() throws Exception { CachingConnectionFactory connectionFactory = new CachingConnectionFactory(); connectionFactory.setHost("localhost"); connectionFactory.setPort(5671); connectionFactory.setUsername("guest"); connectionFactory.setPassword("guest"); // 加载信任库 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try (FileInputStream fis = new FileInputStream("/path/to/truststore.jks")) { trustStore.load(fis, "your_truststore_password".toCharArray()); } TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); connectionFactory.useSslProtocol(tmf.getTrustManagers()); return connectionFactory; } } ``` #### 5. 验证证书链 如果仍然遇到`No trusted certificate found`错误,可能是证书链不完整。确保服务器证书包含完整的中间证书链,并将其导出为单个PEM文件。例如: ```bash cat intermediate_ca.pem root_ca.pem > full_chain.pem ``` 然后更新RabbitMQ的`ssl_options.certfile`配置为新的完整链文件。 --- ### 总结 通过正确配置RabbitMQ服务器的SSL选项、将服务器证书导入Java信任库以及在Spring Boot应用程序中启用SSL支持,可以有效解决`javax.net.ssl.SSLHandshakeException: No trusted certificate found`问题[^2]。 ---
评论 1
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值