当前位置: 技术问答>java相关
一个SSL的具体编程问题。不知道哪错了?(附代码)
来源: 互联网 发布时间:2015-04-18
本文导语: 服务端: Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509") ; KeyStore ks =KeyStore.getInstance("JKS") ; //"2andnotafnord"是生成jnp2e19.keys...
服务端:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509") ;
KeyStore ks =KeyStore.getInstance("JKS") ;
//"2andnotafnord"是生成jnp2e19.keys文件时的密码
char[] password = "2andnotafnord".toCharArray() ;
ks.load(new FileInputStream("jnp2e19.keys"),password);
kmf.init(ks,password);
SSLContext context = SSLContext.getInstance("SSLv3") ;
context.init(kmf.getKeyManagers() ,null,null);
SSLServerSocketFactory factory
= context.getServerSocketFactory() ;
SSLServerSocket server
= (SSLServerSocket) factory.createServerSocket(111);
SSLSocket client=(SSLSocket)server.accept(); //接受客户机的连接请求
String destIP=client.getInetAddress().toString(); //客户机IP地址
int destport=client.getPort(); //客户机端口号
System.out.println("connected to "+destIP+" on port "+destport+".");
DataInputStream in=new DataInputStream(client.getInputStream());
String inline=in.readLine(); //读取Web浏览器提交的请求信息
System.out.println("Received:"+inline);
客户端:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509") ;
KeyStore ks =KeyStore.getInstance("JKS") ;
char[] password = "2andnotafnord".toCharArray() ;
ks.load(new FileInputStream("jnp2e19.keys"),password);
kmf.init(ks,password);
SSLContext context = SSLContext.getInstance("SSLv3") ;
context.init(kmf.getKeyManagers() ,null,null);
SSLSocketFactory factory
= context.getSocketFactory() ;
SSLSocket socket
= (SSLSocket) factory.createServerSocket("127.0.0.1",111);
//发送数据
Writer out = new OutputStreamWriter
(socket.getOutputStream() );
String sSend="Firstrn";
out.write(sSend);
out.flush();
结果:
(服务端)
connected to 127.0.0.1/127.0.0.1 on port 1573.
Received:null
(客户端)
javax.net.ssl.SSLException: untrusted server cert chain
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509") ;
KeyStore ks =KeyStore.getInstance("JKS") ;
//"2andnotafnord"是生成jnp2e19.keys文件时的密码
char[] password = "2andnotafnord".toCharArray() ;
ks.load(new FileInputStream("jnp2e19.keys"),password);
kmf.init(ks,password);
SSLContext context = SSLContext.getInstance("SSLv3") ;
context.init(kmf.getKeyManagers() ,null,null);
SSLServerSocketFactory factory
= context.getServerSocketFactory() ;
SSLServerSocket server
= (SSLServerSocket) factory.createServerSocket(111);
SSLSocket client=(SSLSocket)server.accept(); //接受客户机的连接请求
String destIP=client.getInetAddress().toString(); //客户机IP地址
int destport=client.getPort(); //客户机端口号
System.out.println("connected to "+destIP+" on port "+destport+".");
DataInputStream in=new DataInputStream(client.getInputStream());
String inline=in.readLine(); //读取Web浏览器提交的请求信息
System.out.println("Received:"+inline);
客户端:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509") ;
KeyStore ks =KeyStore.getInstance("JKS") ;
char[] password = "2andnotafnord".toCharArray() ;
ks.load(new FileInputStream("jnp2e19.keys"),password);
kmf.init(ks,password);
SSLContext context = SSLContext.getInstance("SSLv3") ;
context.init(kmf.getKeyManagers() ,null,null);
SSLSocketFactory factory
= context.getSocketFactory() ;
SSLSocket socket
= (SSLSocket) factory.createServerSocket("127.0.0.1",111);
//发送数据
Writer out = new OutputStreamWriter
(socket.getOutputStream() );
String sSend="Firstrn";
out.write(sSend);
out.flush();
结果:
(服务端)
connected to 127.0.0.1/127.0.0.1 on port 1573.
Received:null
(客户端)
javax.net.ssl.SSLException: untrusted server cert chain
|
it means that you need to obtain the certificate with IE, export the certificate from IE, and import the certificate into the keystore of server.
Here's how you do it:
Using Internet Explorer, open up the site indicated in the error log.
Double click on the lock icon in the browser window (bottom, right hand side).
Select the "Install Certificate..." button under the Certificate window General tab.
Make note of the Certification Path and click OK.
Then left click on IE:Tools-->Internet Options..., select the Content tab and select the Certificates... button.
Search through the tabs to find the certificate you just installed and select export.
A Certificate Export Wizard appears and assists you with the format. Select the Base-64 encoded X.509 (.CER) format.
Then ftp (or other means) to the Solaris machine and follow the directions in the tech note to import the certificate into the Restart server
Here's how you do it:
Using Internet Explorer, open up the site indicated in the error log.
Double click on the lock icon in the browser window (bottom, right hand side).
Select the "Install Certificate..." button under the Certificate window General tab.
Make note of the Certification Path and click OK.
Then left click on IE:Tools-->Internet Options..., select the Content tab and select the Certificates... button.
Search through the tabs to find the certificate you just installed and select export.
A Certificate Export Wizard appears and assists you with the format. Select the Base-64 encoded X.509 (.CER) format.
Then ftp (or other means) to the Solaris machine and follow the directions in the tech note to import the certificate into the Restart server
|
javax.net.ssl.SSLException: untrusted server cert chain
的意思是你的服务器应该有一个可以信任的证书。解决办法你可以在
http://www.google.com里输入untrusted server cert chain搜索一下有很多
答案的。
的意思是你的服务器应该有一个可以信任的证书。解决办法你可以在
http://www.google.com里输入untrusted server cert chain搜索一下有很多
答案的。
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。