Validate X.509 certificate against CA in Java


Let's say I have something like this (client-side code):

TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {

        @Override
           


        
3 Answers
  •  情歌与酒
    2020-12-08 03:58

    The accepted answer is extremely incorrect. It doesn't cryptographically verify any connection between the server certificate and the trusted certificate authority. In general, you should almost never need to implement your own TrustManager; doing so is extremely dangerous.

    As EJP stated, there's no need to implement your own TrustManager; you can just use the default one, and ensure that the trusted CA certificate has been added to your default TrustStore. See this question for more information.

    Take a look at the CertPathValidator class from the JDK, which verifies a continuous chain of trust from the server's own certificate up through a trusted CA. See Oracle's docs for an introduction to certificate chain validation.
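
The two approaches this answer describes, as an added example (not code from the original post or from the JDK documentation): `validate` checks a chain against a single CA with `CertPathValidator`, and `contextTrusting` builds the default TrustManager over a trust store that holds only that CA. The class and method names and the `ca.pem` / `chain.pem` file names are assumptions, and revocation checking is switched off because the example configures no CRL or OCSP source.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class CaValidation {
    // Checks signatures, validity dates and constraints from the leaf up to `ca`; throws if no valid chain.
    static PKIXCertPathValidatorResult validate(List<X509Certificate> chain, X509Certificate ca)
            throws Exception {
        List<X509Certificate> path = new ArrayList<>(chain); // leaf first, as a TLS server sends it
        path.remove(ca); // the trust anchor must not be part of the validated path
        // Refuse an empty path explicitly rather than rely on the validator's handling of it.
        if (path.isEmpty()) throw new CertPathValidatorException("no certificate to validate");
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(ca, null)));
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source in this example
        return (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(certPath, params);
    }

    // For TLS: the default TrustManager, backed by an in-memory trust store holding only our CA.
    // Pass contextTrusting(ca).getSocketFactory() to HttpsURLConnection.setSSLSocketFactory().
    static SSLContext contextTrusting(X509Certificate ca) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty store
        ks.setCertificateEntry("my-ca", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java CaValidation ca.pem chain.pem   (hypothetical PEM files; chain is leaf first)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (String file : args) {
            try (InputStream in = new FileInputStream(file)) {
                for (Certificate c : cf.generateCertificates(in)) certs.add((X509Certificate) c);
            }
        }
        X509Certificate ca = certs.get(0); // first certificate read is the trusted CA
        try {
            validate(certs.subList(1, certs.size()), ca);
            System.out.println("chain validates against " + ca.getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("REJECTED: " + e.getMessage());
        }
    }
}
```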
