SSLHandshakeException找不到证书路径的信任锚Android HTTPS
韦晟睿
问题内容:
问题答案:
我正在尝试建立与HTTPS站点的连接,并且我GOT打印例外:javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found。
我的原始代码如下:
URL url = new URL("https://example.com");
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
in = urlConnection.getInputStream();
byte[] responsedata = CommonUtil.readInputStream(in);
Log.w(TAG, "response is "+CommonUtil.convertBytesToHexString(responsedata));
然后,我在这里阅读了Google的文章,并将代码修改为:
CertificateFactory cf;
try {
cf = CertificateFactory.getInstance("X.509");
InputStream in = this.mContext.getResources().openRawResource(R.raw.cert);
Certificate ca;
ca = cf.generateCertificate(in);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
in.close();
URL url = new URL("https://example.com");
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
in = urlConnection.getInputStream();
byte[] responsedata = CommonUtil.readInputStream(in);
Log.w(TAG, "response is "+CommonUtil.convertBytesToHexString(responsedata));
in.close();
关于R.raw.cert文件,我使用此站点来检查该站点的证书。我发现了3个证书,我不知道该使用哪个证书。我一一尝试。
一个名称“ VeriSign 3类公共主要证书颁发机构-G5”导致以下例外:
01-17 17:46:54.759: E/Process(8764): java.security.cert.CertificateException: org.apache.harmony.xnet.provider.jsse.OpenSSLX509CertificateFactory$ParsingException: org.apache.harmony.xnet.provider.jsse.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0906D06C:PEM routines:PEM_read_bio:no start line
当我使用一个名称为“ VeriSign Class 3 Secure Server CA-G3”或名称为“
example.com”(与站点名称相同)的名称时,我得到的是相同的SSLHandshakeException。
我需要做什么?
同时,Symatec
SSL工具箱向我显示了一个错误和1条我不理解的建议:
Intermediate certificate missing.
VeriSign Class 3 Secure Server CA - G3
Update your certificate chain.
Your certificate chain is valid, but some older browsers may not recognize it. To support older browsers, download and install the missing intermediate certificate
在该站点上找到的3个证书如下:
**example.com** :
-----BEGIN CERTIFICATE-----
MIIGaDCCBVCgAwIBAgIQCG32zRgBgFoe6wciBqTuGjANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwMTA4
MDAwMDAwWhcNMTYxMjIyMjM1OTU5WjCCASYxCzAJBgNVBAYTAkJSMQswCQYDVQQI
EwJTUDEQMA4GA1UEBxQHVGF1YmF0ZTEcMBoGA1UEChQTTW9ycGhvIGRvIEJyYXNp
bCBTQTEMMAoGA1UECxQDVEJFMTgwNgYDVQQLEy9UZXJtcyBvZiB1c2UgYXQgd3d3
LmNlcnRpc2lnbi5jb20uYnIvcnBhIChjKSAwNDE+MDwGA1UECxM1QXV0aGVudGlj
YXRlZCBieSBDZXJ0aXNpZ24gQ2VydGlmaWNhZG9yYSBEaWdpdGFsIExUREExJzAl
BgNVBAsTHk1lbWJlciwgU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEpMCcGA1UEAxQg
bmZjZGVtby5tb3JwaG9jYXJkc2JyYXNpbC5jb20uYnIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDKx+bgoEz+fc3wKAmi+hTR39GS70qE3Zl68VVqQnfd
VH1qRp1GRFBls9vZ1IUJ0/bVRpU/FFzB8gAO8Z7DrJbLRMcOuqGUyhoNPcz35Kiw
L7ebT6E99H/hzm9Xfzy44GeRWJo+vyKQZ38Iz+4qfc+nWzQ913szF2+Q7kV4/Iyq
7syDs0gY8CYHPmsV+zbT2XgJUtZwc7cIspCxzzADQV63wg242W9N9akvp1BY8s7d
mKvOOIThT72pDdeKbTKrAyHUitKIAmMoAjF2bHs1jzVdxX3KdTnb0Z9CHxAHBlgw
fPA2K/02vTOJuvyApItkhCzlqekMPYbEHQshFLPVVQCFAgMBAAGjggH+MIIB+jAr
BgNVHREEJDAigiBuZmNkZW1vLm1vcnBob2NhcmRzYnJhc2lsLmNvbS5icjAJBgNV
HRMEAjAAMAsGA1UdDwQEAwIFoDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vU1ZS
U2VjdXJlLUczLWNybC52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY3JsMEQGA1Ud
IAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu
dmVyaXNpZ24uY29tL3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
HwYDVR0jBBgwFoAUDURcFlNEwYJ+HSCrJfQBY9i+eaUwdgYIKwYBBQUHAQEEajBo
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wQAYIKwYBBQUH
MAKGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1
cmVHMy5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw
HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u
dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQCXgvX1
68gMhEvTtuSQIoqxM0XozddBkRKwTo/t151AvimsJ0WnCVcN8IQt8SVrqitqV2Nl
qH+nx8EpQbTyFSbeYLZ9CPiQkPPayO3CjYMVSOPoyxchbe2GhvvFZDEU8Ec5Mv0Y
mLXkTJdRMO8IeT2H0qPvwBQtGk8CYuYlvkzWAh6eAL9VfyWLOqgkRnfUMR9EnFc3
8cByYjOZONDJJHEnAvJwfjbSQVukoxqOfdF+Pvxu+bfzDnZBAptKGAYxxw423gPq
qAKieSvRWuI/kkyDxL6ni3rkXg6r6sSOjpcSu/eVDk+Sl1B3F8cQws5lkMnTD5ak
n+WkjYxLCjrnmvUs
-----END CERTIFICATE-----
VeriSign 3类安全服务器CA-G3
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg
aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy
aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG
5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8
f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK
tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo
GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV
M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB
2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz
aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4
RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw
czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG
A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu
Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp
bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo
dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w
GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+
HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ
KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB
WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6
bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp
dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg
W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4
Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=
-----END CERTIFICATE-----
VeriSign 3类公共主要证书颁发机构-G5 :
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
问题答案:
更新:
-我从没做过这方面的专家,以下内容仅是一种解决方法,可能并不安全,请您自担风险-这篇文章已有3年以上历史,因此现在可能已过时(代码将无法编译),但您应该能够找到更新的方法或官方文档,其中指出某些部分已弃用或删除
感谢noloader向我指出校正方向。我使用以下方法解决了我的问题:
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);// my question shows how to get 'ca'
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
// Initialise the TMF as you normally would, for example:
tmf.init(ca);
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];
TrustManager[] wrappedTrustManagers = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return origTrustmanager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
origTrustmanager.checkClientTrusted(certs, authType);
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
origTrustmanager.checkServerTrusted(certs, authType);
} catch (CertificateExpiredException e) {}
}
}
};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, wrappedTrustManagers, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
在我的问题中提到的为该站点找到的3个证书中,对我有用的一个是 VeriSign 3类安全服务器CA-G3
类似资料:
-
问题内容: android应用有三台主机进行身份验证和授权。最终主机是REST API。首次使用Oauth身份验证和授权过程,它可以正常工作。 但是,如果 用户 在登录并访问REST API提供的服务后 杀死了该应用程序 ,然后再次打开该应用程序,则会出现此问题。 在这段时间内,身份验证和授权过程不会发生,只有REST API会发生。 这是造成原因, 但在首次使用(登录然后使用该应用程序)期间正在
-
我正在Android上开发一个客户端应用程序,它连接到我的服务器,它在负载均衡器后面的AWS上,我在GoDaddy上创建了一个SSL证书,并将其添加到负载均衡器上。 浏览器上的一切都很顺利,它可以识别证书,但是当我试图用Android调用API时,我遇到了一个例外: 我找到了一些讨论谁说在app上添加证书,但是在证书服务器端是不是就没有办法修复了呢?这不是证书的问题吗?
-
问题内容: 在我的服务器(生产服务器)中,我具有goDaddy ssl证书。我有iOS和Android应用程序都与服务器连接,iOS都没有问题连接,Android版本为4. 一切都很好,但是设备版本为2.3。我总是收到SSLHandshakeException。 我在Android开发人员页面(https://developer.android.com/training/articles/secu
-
我遇到了Android4设备的一个问题,它在连接到服务器时收到以下异常: 但出于某种原因,我不明白它在Android4版本中开始失败了。 我尝试了信任所有证书的解决方案[LINK],它起作用了,但这显然存在安全问题,比如将您的应用程序暴露于“中间人”攻击 如何实现具有默认行为但仅将服务器的证书白名单的TrustManager。 在证书链给了我两个证书的格式: 用获得的url和证书替换了示例中的ur
-
我正在创建一个android应用程序,它使用与服务器通信。我使用和发出请求。这些适用于标准请求。以下是我遵循的步骤。 步骤1:使用命令从服务器获取证书文件 步骤2:使用以下命令将证书转换为BKS格式 它要求我输入密码,文件成功创建。 第三步: 创建一个OkHttpClient,并使用它来发出https请求 第四步: 必须创建RestAdapter 但最后,当运行该应用程序时,它向我抛出。请帮我解决
-
我有一个通过SSL从node.js提供服务的网站。当我使用web浏览器(桌面和Android)访问站点时。一切都很好--当我检查证书是有效的并且一切看起来都很好时,锁出现了,表明站点是安全的。这应该意味着服务器设置正确,对吧? 然而,当我尝试使用Android WebView对完全相同的站点时,页面无法加载--我甚至在日志中看不到对该网页的请求。安德烈,在放松logcat上的过滤器后,我注意到了这