在我正在开发的应用程序中,我需要与使用自签名证书的Web服务器建立HTTPS连接。我一直在收到证书不受信任的错误提示,后来在参考了Stack Overflow之后,我找到了这篇博客文章:http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/
我使用Keytool命令为我的本地Tomcat创建了一个JKS密钥库,命令如下:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
我使用一个名为portecle的开源工具,从JKS密钥库中提取了DER编码格式的证书。
然后,我使用同样的portecle工具创建了一个新的BKS密钥库,并使用android内置的Bouncy Castle提供程序支持上述证书。
现在,如果我像第一个URL中所示进行http post请求,则在logcat中会出现以下异常。
WARN/System.err(498): javax.net.ssl.SSLException: Not trusted server certificate
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
WARN/System.err(498): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
WARN/System.err(498): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
WARN/System.err(498): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
WARN/System.err(498): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
WARN/System.err(498): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
WARN/System.err(498): at com.portal.activity.Registration$ProgressThread.run(Registration.java:324)
WARN/System.err(498): Caused by: java.security.cert.CertificateException: java.security.InvalidAlgorithmParameterException: the trust anchors set is empty
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:151)
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
WARN/System.err(498): ... 10 more
WARN/System.err(498): Caused by: java.security.InvalidAlgorithmParameterException: the trust anchors set is empty
WARN/System.err(498): at java.security.cert.PKIXParameters.checkTrustAnchors(PKIXParameters.java:611)
WARN/System.err(498): at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:86)
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.<init>(TrustManagerImpl.java:82)
WARN/System.err(498): at org.apache.harmony.xnet.provider.jsse.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:132)
WARN/System.err(498): at javax.net.ssl.TrustManagerFactory.getTrustManagers(TrustManagerFactory.java:226)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.createTrustManagers(SSLSocketFactory.java:263)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:190)
WARN/System.err(498): at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:216)
WARN/System.err(498): at com.portal.httpclient.MyHttpClient.newSslSocketFactory(MyHttpClient.java:51)
WARN/System.err(498): at com.portal.httpclient.MyHttpClient.createClientConnectionManager(MyHttpClient.java:31)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:221)
WARN/System.err(498): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:539)
WARN/System.err(498): ... 3 more
我的HttpClient与第一个URL中的相同,只是将http和https的端口分别更改为8080和8443,而不是80和443。
请帮忙。