KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File(KEYSTORE_FILE_PATH));
//
// try {
// trustStore.load(instream, KEYSTORE_PASSWORD.toCharArray());
// } finally {
// instream.close();
// }
// Trust own CA and all self-signed certs
//SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
// SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
// Allow TLSv1 protocol only
// SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
// new String[] { "TLSv1" }, null,
// SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
// httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
//之前用过证书,后来证书有问题就没有用了,用的是任意url都信任的方式,如下:
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
return true;
}
}).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
HttpPost httpPost = new HttpPost("https://localhost:8080/login");
httpClient.excute(httpPost);
报错如下:javax.net.ssl.SSLException: hostname in certificate didn't match: !=
hostname in certificate didn't match
所用的证书不是这个host对应的,验证失败
这里有一个同样问题,参考:http://my.oschina.net/sourcecoding/blog/80698