访问的网站证书无效,internet帮助中的证书错误

java后端访问https证书问题

java后端通过https获取图像

publicstaticvoidmain (字符串[ ] args (try ) bufferedimageimage=imageio.read ) newurl (https://10.128.33.56:00 popoo //输出kfdm stream=newbytearrayoutputstream (； imageio.write(image，' jpg '，stream )； stringstr=base64.encode base64 string (stream.to bytearray ().replaceAll ('，' ) ).replaceAll ) ((rwmdlfn ' ) system.out.println(str； }catch(exceptione ) { log.error )“图像获取异常”，e )； }由于未安装证书，因此报告以下错误

avax.net.SSL.sslhandshakeexception : sun.security.validator.validator exception : pkixpathbuildingfailed 3360 SSL etofindvalidcertificationpathtorequestedtargetatcom.sun.net.SSL.internal.SSL.aasl s.Java :150 ) atcom.sun . atcom.sun.net.SSL.internal.SSL.handshake r.fatalse (handshake r.Java :174 ) atcom.sun.net.SSL.interner atcom.sun.net.SSL.internal.SSL.clienthandshaker.process message (clienthandshaker.Java 3360106 )。 atcom.sun.net.SSL.internal.SSL.handshake r.process loop (handshake r.Java :495 )。 atcom.sun.net.SSL.internal.SSL.handshake r.process _ record (handshake r.Java 3360433 ) )。 atcom.sun.net.SSL.internal.SSL.SSL socket impl.read record (SSL socket impl.Java 3360815 ) )。 atcom.sun.net.SSL.internal.SSL.SSL socket impl.performinitial handshake (SSL socket impl.Java 33601025 ) )。 atcom.sun.net.SSL.internal.SSL.SSL socket impl.start handshake (SSL socket impl.Java :1038 ) atinstalllcert.mate dator exception : pkixpathbuildingfailed 3360 sun.security.provider.certpaaaty 3360 unabletofindvalidcertificationpathtonpathtoreqtor id ator.pkix validator.do build (at sun.security.validator.pkix validator.engine validate (pkix validator.Java 3360145 ) atcom.sun.net.SSL.internal.SSL.x509可信管理器impl.checkservertrusted (x509可信管理器

l.java:172)at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)... 7 more 浏览器访问此地址，点击证书
下载证书



将证书复制到jdk目录
D:programJavajdk1.8.0_271jrelibsecurity 下面
安装证书：keytool -import -alias abc -keystore cacerts -file img_https.cer -storepass changeit
删除证书：keytool -delete -keystore cacerts -file img_https.cer -storepass changeit

安装完成。 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.128.33.56 foundat sun.security.ssl.Alert.createSSLException(Alert.java:131)at sun.security.ssl.TransportContext.fatal(TransportContext.java:353)at sun.security.ssl.TransportContext.fatal(TransportContext.java:296)at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279)at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:587)at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)at java.net.URL.openStream(URL.java:1067)at cn.cloudwalk.util.ImageUtils.main(ImageUtils.java:73)Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.128.33.56 foundat sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:173)at sun.security.util.HostnameChecker.match(HostnameChecker.java:99)at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:441)at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:422)at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:228)at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)... 18 common frames omitted

解决：
类中加入下面代码，静态块中，程序启动就运行;
测试发现，用下面代码禁用SSL验证，不用导入证书也可正常运行。

static { disableSslVerification(); } private static void disableSslVerification() { try { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; // Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } }

这样就可以正常访问到https的资源了。