警告:找不到合适的证书 - 在没有客户端身份验证的情况下继续
2022-09-03 14:35:35
团队 我在尝试使用HTTPS完成相互握手时遇到的以下问题
main, READ: TLSv1.2 Handshake, length = 30
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA
Cert Authorities:
<Empty>
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
我的 JAVA 类是一个 follows
public class ClientCustomSSL {
@SuppressWarnings("deprecation")
public final static void main(String[] args) throws Exception {
// Trust own CA and all self-signed certs
final String CLIENT_KEYSTORE = "yourkeystore.jks";
final String CLIENT_TRUSTSTORE = "catruststore.jks";
final char[] KEYPASS_AND_STOREPASS_VALUE = "Hello1".toCharArray();
System.setProperty("https.protocols", "TLSv1");
//SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keystore, keyPassword)(YK,"Hello1".toCharArray(),"Hello1".toCharArray()).loadTrustMaterial(CA, "Hello1".toCharArray(), (TrustStrategy) new TrustSelfSignedStrategy()).build();
KeyStore clientTrustStore = getStore(CLIENT_TRUSTSTORE, KEYPASS_AND_STOREPASS_VALUE);
KeyStore clientKeyStore = getStore(CLIENT_KEYSTORE, KEYPASS_AND_STOREPASS_VALUE);
SSLContext sslContext = SSLContexts.custom().loadKeyMaterial(clientKeyStore, "Hello1".toCharArray()).loadTrustMaterial(clientTrustStore,(TrustStrategy) new TrustSelfSignedStrategy()).build();
CloseableHttpClient httpclient = HttpClients.custom().setSSLContext(sslContext).build();
System.out.println("SSLCONETXT **** " + sslContext.getProvider());
try {
HttpGet httpget = new HttpGet("https://myserver:10220");
CloseableHttpResponse response = httpclient.execute(httpget);
try {
System.out.println("Inside TRY blcok");
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(entity);
} catch (Exception e) {
e.getMessage();
e.printStackTrace();
}
finally {
response.close();
}
} finally {
httpclient.close();
}
}
public static KeyStore getStore(final String storeFileName, final char[] password) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException
{
final String JAVA_KEYSTORE = "jks";
final KeyStore store = KeyStore.getInstance(JAVA_KEYSTORE);
URL url = ClientCustomSSL.class.getClassLoader().getResource(storeFileName);
String workingDir = System.getProperty("user.dir");
System.out.println("Current working directory : " + workingDir);
System.out.println("Value of URL *** " + url);
InputStream inputStream = url.openStream();
try {
store.load(inputStream, password);
} finally {
inputStream.close();
}
return store;
}
}
我正在准备一个jar文件并从UNIX盒子测试它
使用以下命令 java -Djavax.net.debug=ssl -cp snSSLclientTrustWithStoreCCC.jar cassandra.cass.ClientCustomSSL
我已经关注了为什么java在SSL握手期间不发送客户端证书的帖子?并且还完成了Bruno提到的所有步骤。
我不确定我在这里错过了什么。任何帮助将不胜感激
