Server cert and Client Truststore

£可爱£侵袭症+ submitted on 2020-01-01 19:57:35

Question


I am trying to call a webservice using SSL. How do I get the relevant server cert so that I can import it into my truststore? I know about the use of the property com.ibm.ssl.enableSignerExchangePrompt from a main method, but I would add the server cert to my truststore manually.

I don't want this property set in any of my servlets.

Any help is greatly appreciated. Thanks, Damien


Answer 1:


You can programmatically do this with Java by implementing your own X509TrustManager.


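import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

// Trust manager that accepts every certificate chain without validation.
// It is used here only to retrieve the server's certificate.
public class dummyTrustManager implements X509TrustManager {

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // do nothing
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // do nothing
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // just return an empty issuer list
        return new X509Certificate[0];
    }
}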

Then you can use this trust manager to create an SSL socket:


// Build an SSLContext whose only trust manager is the dummy one above
SSLContext context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[] { new dummyTrustManager() },
             new java.security.SecureRandom());

// host_ and port_ hold the server's host name and port
SSLSocketFactory factory = context.getSocketFactory();
InetAddress addr = InetAddress.getByName(host_);
SSLSocket sock = (SSLSocket) factory.createSocket(addr, port_);

Then with that socket you can just extract the server certificate (and import it into the trusted keystore):


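// getSession() performs the handshake if it has not happened yet
SSLSession session = sock.getSession();
// java.security.cert.Certificate; the server's own certificate comes first
Certificate[] certchain = session.getPeerCertificates();
sock.close();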



Answer 2:


If you browse to the site in your web browser, you can look at the security info by hitting the little padlock icon, and in the dialog that pops up you can save the certificate.

Steps for Chrome

  1. Click the padlock (in the address bar)
  2. Click 'Certificate Information'
  3. Under the 'Details' tab you can select 'Copy to file...'.
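
The import step that both answers lead up to but do not show, as an added example that is not part of either answer: it assumes the certificate was saved to a PEM or DER file (from the socket in Answer 1 or the browser export in Answer 2) and that its expected SHA-256 fingerprint was obtained through a separate channel. The class and method names are hypothetical.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical helper class, not part of the original answers.
public class TruststoreImport {
    // SHA-256 fingerprint of the DER encoding, as lowercase hex.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Adds cert to the truststore file only if its fingerprint matches the expected value.
    static KeyStore importIfExpected(X509Certificate cert, String expectedFingerprint,
                                     Path store, char[] password, String alias) throws Exception {
        if (!sha256Fingerprint(cert).equalsIgnoreCase(expectedFingerprint.replace(":", "")))
            throw new SecurityException("Fingerprint mismatch, certificate not imported");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (Files.exists(store)) {
            try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
        } else {
            ks.load(null, password); // start an empty truststore
        }
        ks.setCertificateEntry(alias, cert);
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, password); }
        return ks;
    }

    // SSLContext that validates servers against the truststore instead of a trust-all manager.
    static SSLContext contextFor(KeyStore truststore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java TruststoreImport <cert-file> <expected-sha256-hex> <truststore-file> <password> <alias>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(cert.getSubjectX500Principal() + " sha256=" + sha256Fingerprint(cert));
        contextFor(importIfExpected(cert, args[1], Paths.get(args[2]), args[3].toCharArray(), args[4]));
    }
}
```

The `SSLContext` returned by `contextFor` can replace the one built from `dummyTrustManager` once the certificate is in the truststore, so later connections are validated normally.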


Source: https://stackoverflow.com/questions/146385/server-cert-and-client-truststore
