本文介绍了证书中的主机名不匹配?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我尝试使用自签名证书连接到服务器。我使用此代码接受所有证书。
I try to connect to a server with a self-signed certificate. I use this code to accept all certificates.
public class CertificateAcceptor { public void initializeTrustManager() { try { SSLContext context = SSLContext.getInstance("SSL"); context.init(null, createTrustManager(), new SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } } private TrustManager[] createTrustManager() { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // leave blank to trust all clients } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // leave blank to trust all servers for (X509Certificate c : chain) { System.out.println(c.toString()); } } } }; return trustAllCerts; } }但是我收到以下错误:
javax.ssl.SSLException: hostname in certificate didn't match: <xyz.ch> != <localhost> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)我确定我的证书代码已执行,那么问题可能是什么?
I'm sure that my Certificate code is executed, so what could be the problem?
推荐答案您可以使用 SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
SSLSocketFactory sf = new SSLSocketFactory( SSLContext.getInstance("TLS"), SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); Scheme sch = new Scheme("https", 443, sf); httpclient.getConnectionManager().getSchemeRegistry().register(sch); HttpGet httpget = new HttpGet("host/"); ... ...更多推荐
证书中的主机名不匹配?
发布评论