我的网站有地址https://blablabla.com(不是实际的)。它没有CA批准的证书。因此,任何访问网站的用户都会获得证书例外(在浏览器上);这个例外他/她必须添加到浏览器,然后网站开始在浏览器上工作。
我有以下内容:
- 配置为建立HTTPS连接并需要客户端证书的服务器
- 这个服务器的证书不是由标准的大型CA颁发的。简而言之,如果我通过Android中的浏览器访问这个连接,它会抛出异常,因为设备信任库无法识别CA。(所以它是自签名的)
- 本质上是自签名的客户端证书
- 加载此自签名证书并尝试连接到上述服务器的Android应用程序,但存在以下问题/属性:
当服务器配置为不需要客户端证书时,客户端可以连接到服务器。连接工作正常,但我在android上没有得到任何响应。
我已经编写了一些API并将它们上传到服务器上。当我从手机端调用API时,我想在手机上得到结果。但是,我没有得到服务器的响应;我想我错过了什么。这就是我所做的。。请帮帮我。
private static final HostnameVerifier DUMMY_VERIFIER = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
public static String method(String url)
throws Exception {
// Trust manager to accept all certificates..
TrustManager localTrustManager = new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
};
HttpsURLConnection con = null;
try {
// URL object is built..
URL urlObj = new URL(url);
SSLContext sslc = SSLContext.getInstance("TLS");
sslc.init(null, new TrustManager[] { localTrustManager },
new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslc
.getSocketFactory());
// Connection is established..
con = (HttpsURLConnection) urlObj.openConnection();
con.setHostnameVerifier(DUMMY_VERIFIER);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type",
"application/x-www-form-urlencoded");
con.setUseCaches(false);
con.setDoOutput(true);
DataOutputStream writer_stream = new DataOutputStream(
con.getOutputStream());
// for sending info to server..
writer_stream.writeBytes(new_request);
writer_stream.flush();
writer_stream.close();
// Get Response from the server..
InputStream is = con.getInputStream();
BufferedReader rd = new BufferedReader(new InputStreamReader(is));
String line;
StringBuffer response = new StringBuffer();
while ((line = rd.readLine()) != null) {
response.append(line);
response.append('r');
}
rd.close();
return response.toString();
} catch (Exception e) {
e.printStackTrace();
return null;
} finally {
if (con != null) {
con.disconnect();
}
}
}
这是我在MainActivity 的onCreate方法中所做的
HttpsURLConnection.setDefaultHostnameVerifier(new NullHostNameVerifier());
try {
SSLContext context = SSLContext.getInstance("TLS");
TrustManager[] tm = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
// not implemented
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
// not implemented
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}catch(Exception e){}