Tag: 信任

在java中以运行时递归更改系统属性: 我有一个问题，并在java中搜索运行时更改系统属性的示例。换句话说，我有一个独立的库，它将加载System.setProperty(“javax.net.ssl.trustStore”, trustStorePath) ，其中System.setProperty(“javax.net.ssl.trustStore”, trustStorePath)的值将根据条件而改变。如果条件发生变化，那么我需要更改trustStorePath的值，并需要设置System Property。但故事是我第一次设置值时，它存储值并使用它，即使我更改了trustStorePath的值并再次设置系统属性。这种变化没有反映出来。那么，我该怎么做呢。以下是相同的示例代码段。 if (getFile(keyStorePath).exists() && isChanged ) { System.setProperty(“javax.net.ssl.keyStore”, keyStorePath); System.setProperty(“javax.net.ssl.keyStoreType”, “JKS”); System.setProperty(“javax.net.ssl.keyStorePassword”, Pwd); }else if (getFile(testMerchantKeyStorePath).exists() ) { System.setProperty(“javax.net.ssl.keyStore”, testMerchantKeyStorePath); System.setProperty(“javax.net.ssl.keyStoreType”, “JKS”); System.setProperty(“javax.net.ssl.keyStorePassword”,Pwd); }

在ssl（ldaps）的支持下连接活动目录: 我试图在ssl的支持下与活动目录连接。我尝试了以下网站的步骤。 http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory 当我尝试从java代码连接活动目录时，它会出现以下错误。 Exception in thread “main” javax.naming.CommunicationException: simple bind fail ed: 172.16.12.4:636 [Root exception is java.net.SocketException: Connection rese t] at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.InitialContext.(Unknown Source) at […]

Java 7（充当客户端）使用在Java 6中工作的密钥库和信任库的SSL握手失败: 我正在进行JBoss AS 5.1到7.4以及Java 6到7的迁移，并且获得握手失败。密钥库和信任库是我们在Java 6中成功使用的密钥库和信任库。我已经写了一些测试来缩小问题范围，它绝对不是JBoss，而是Java 7。启用SSL日志记录后，我明白了： 17:44:30,041 INFO [stdout] (http-/192.168.147.20:8080-120) %% Invalidated: [Session-2, SSL_RSA_WITH_RC4_128_SHA] 17:44:30,041 INFO [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, SEND TLSv1 ALERT: fatal, description = certificate_unknown 17:44:30,041 INFO [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, WRITE: TLSv1 Alert, length = 2 17:44:30,041 INFO [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, called closeSocket() 17:44:30,041 INFO [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, handling exception: javax.net.ssl.SSLHandshakeException: […]

在Windows JRE中导入StartCom CA证书: 我有一个Java应用程序访问使用StartCom SSL证书的服务。为了实现这一点，我需要将StartCom CA证书添加到Java的信任库中，因为它们默认不在那里。我已经使用这些命令在linux上成功完成了这项工作 sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 […]

javax.net.ssl.SSLHandshakeException：收到致命警报：unknown_ca: 我必须通过SSL双重身份validation连接到服务器。我已将自己的私钥加证书添加到keystore.jks ，将服务器的自签名证书添加到truststore.jks ，这两个文件都复制到/ usr / share / tomcat7。我的代码使用的套接字工厂由以下提供者提供： @Singleton public static class SecureSSLSocketFactoryProvider implements Provider { private SSLSocketFactory sslSocketFactory; public SecureSSLSocketFactoryProvider() throws RuntimeException { try { final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); final InputStream trustStoreFile = new FileInputStream(“/usr/share/tomcat7/truststore.jks”); trustStore.load(trustStoreFile, “changeit”.toCharArray()); final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); final InputStream keyStoreFile […]