Does Java's TrustManager implementation ignore if a certificate has expired?
I tried the following:
- Using keytool
and parameter -startdate "1
I did not try your example, but I know I regularly have to regenerate my server certificates (for our development server) since their certificates have quite short validity times.
In our case the client does not have the server certificates themselves in the truststore, but only the certificate of our CA (with longer validity), and when the client tries to connect to the server, both sides get an SSLException (which may be wrapped in another exception in your case).
I guess that the trust manager assumes something like "if you give me expired certificates to trust in, I'll do it". Try our approach instead (it also saves you from updating the client each time the server certificate expires).
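
For a client that must reject an expired server certificate even when that certificate sits directly in its truststore, one option is to wrap the platform trust manager and check the validity period explicitly. This is an added example, not code from the question or the answer; the class name `ValidityEnforcingTrustManager` and the methods `newContext` and `requireValidNow` are hypothetical.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Hypothetical wrapper: the platform trust manager decides first, then the leaf's validity period is enforced. */
public final class ValidityEnforcingTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager delegate;
    private ValidityEnforcingTrustManager(X509ExtendedTrustManager delegate) { this.delegate = delegate; }

    /** Builds an SSLContext using the wrapper; trustStore == null selects the JRE default truststore. */
    public static SSLContext newContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509ExtendedTrustManager) {
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(null, new TrustManager[] { new ValidityEnforcingTrustManager((X509ExtendedTrustManager) tm) }, null);
                return ctx;
            }
        }
        throw new IllegalStateException("no X509ExtendedTrustManager available");
    }

    // Only the end-entity certificate is re-checked; the rest of the path is left to the delegate.
    // checkValidity() throws CertificateExpiredException or CertificateNotYetValidException.
    private static void requireValidNow(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty certificate chain");
        chain[0].checkValidity();
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkServerTrusted(c, a); requireValidNow(c);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        delegate.checkServerTrusted(c, a, s); requireValidNow(c);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        delegate.checkServerTrusted(c, a, e); requireValidNow(c);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkClientTrusted(c, a); requireValidNow(c);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        delegate.checkClientTrusted(c, a, s); requireValidNow(c);
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        delegate.checkClientTrusted(c, a, e); requireValidNow(c);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The wrapper only ever adds a rejection on top of the delegate's decision, so it cannot accept a chain the platform trust manager refused.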