0

I have been unable to find a solution to this problem elsewhere so I am hoping someone here can provide some insight. My setup below:

keystore, myKeys.jks:

mine-private, 3/6/2014, PrivateKeyEntry
mine-trusted, 3/6/2014, trustedCertEntry

trust store, myTrust.jks:

trusted-cert-1, 3/6/2014, trusterCertEntry
trusted-cert-2, 3/6/2014, trusterCertEntry
mine-trusted, 3/6/2014, trustedCertEntry   <-- this is mine

What ends up happening is I get a message stating that my client has not been authenticated. Let me know if there is more information necessary

Responses to questions:

First off: what classes/library are you using? Simply the default https in java?

Apache HTTP Client, code below:

HttpClient client = new HttpClient();
GetMethod method = new GetMethod("https://foo.bar.baz/rest");  
client.executeMethod(method);

Secondly: how exactly are you registering the keystore/truststore? You need a custom SSLContext for this.

Don't think so, but could be wrong

-Djavax.net.ssl.trustStore="path/to/myTrust.jks"
-Djavax.net.ssl.trustStorePassword="password"
-Djavax.net.ssl.keyStore="path/to/myKeys.jks"
-Djavax.net.ssl.keyStorePassword="password"
4

2 回答 2

1

首先:你使用什么类/库?只是java中的默认https?

其次:您究竟是如何注册密钥库/信任库的?为此,您需要一个自定义 SSLContext。

初始示例:

SSLContext context = SSLContext.getInstance();
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, password);

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);

context.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);

我知道的大多数库都支持设置可以从上下文中获取的自定义 SSLContext 或 SSLSocketFactory。

于 2014-03-07T12:44:51.897 回答