发表新帖
发表新帖

Is it possible to get Java to ignore the “trust store” and just accept whatever SSL certificate it gets?

后端 未结
关注
5 524
暖寄归人
暖寄归人 2020-11-28 08:36

I am trying to write an SSL client that sends mail using the javax.mail API. The problem I am having is that the server request that I use SSL, but the server is also config

相关标签:
5条回答
  • 遇见更好的自我
    2020-11-28 09:12

    You need to create a fake TrustManager that accepts all certificates, and register it as a manager. Something like this:

    public class MyManager implements com.sun.net.ssl.X509TrustManager {
  public boolean isClientTrusted(X509Certificate[] chain) { return true; }
  public boolean isHostTrusted(X509Certificate[] chain) { return true; }
  ...
}


com.sun.net.ssl.TrustManager[] managers =
  new com.sun.net.ssl.TrustManager[] {new MyManager()};

com.sun.net.ssl.SSLContext.getInstance("SSL").
       .init(null, managers, new SecureRandom());
    0 讨论(0)
  • 独厮守ぢ
    2020-11-28 09:14

    Try this (answer to question 2):

    System.setProperty("javax.net.ssl.trustStore", "/path/to/truststore");

    You can also specify this as an additional command line parameter:

    java -Djavax.net.ssl.trustStore=/path/to/truststore <remaining arguments>

    On Fedora this could be the system wide java trust store in /etc/pki/java/cacerts

    0 讨论(0)
  • 清歌不尽
    2020-11-28 09:18

    Just add -Dtrust_all_cert=true to VM arguments. This argument tells java to ignore all certificate checks.

    0 讨论(0)
  • 忘了有多久
    2020-11-28 09:21

    In Command Line you can add argument -noCertificationCheck to java to ignore the certificate checks.

    0 讨论(0)
  • 礼貌的吻别
    2020-11-28 09:34

    Working code ( in jdk1.6.0_23) for #1.

    Imports

    import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

    The actual trust all TrustManager code.

    TrustManager trm = new X509TrustManager() {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public void checkClientTrusted(X509Certificate[] certs, String authType) {

    }

    public void checkServerTrusted(X509Certificate[] certs, String authType) {
    }
};

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[] { trm }, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    0 讨论(0)
 看不清?
提交回复
热议问题