I am running this curl command and it works fine.
curl --tlsv1.2 -k -iv -X POST -H "Content-Type:text/xml" --key node-key.key --cert node.crt --data-raw 'PAYLOAD' https://IP_ADDRESS:PORT/uri -u "test:test"
I created a p12 file from the key and the certificate:
openssl pkcs12 -export -in node.crt -inkey node-key.key -out node-store.p12
and fetched the self-signed certificate from the server with the following command (then saved the output in node-self-sign.pem):
openssl s_client -connect IP_ADDRESS:PORT 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
and generated a jks for node-self-sign.pem with the following command:
keytool -keystore node-KeyStore.jks -alias selfsigncert -import -file node-self-sign.pem
and used the jks file and the p12 file in the following Spring Boot code:
@PostConstruct
public void initEcwConnection() {
    try {
        File cert = new File(ecwCertPath);
        // Trust store (JKS) holds the server's self-signed certificate;
        // key store (PKCS#12) holds the client key and certificate.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(jks, pass.toCharArray())
                .loadKeyMaterial(p12, pass.toCharArray(), pass.toCharArray())
                .build();
        CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(client);
    } catch (Exception exp) {
        LOGGER.error(exp.getMessage(), exp);
    }
}
and used the restTemplate as follows:
HttpHeaders headers = new HttpHeaders();
File file = new File("paybundle.xml");
FileInputStream fis = new FileInputStream(file);
String payload = new String(fis.readAllBytes());
HttpEntity<String> entity = new HttpEntity<String>(payload, headers);
ResponseEntity<String> response = ecwTemplate.exchange("https://IP_ADDRESS:8010/vsl/preapproval", HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());
Output:
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP_ADDRESS> doesn't match any of the subject alternative names: []
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776) ~[spring-web-5.3.19.jar:5.3.19]
1 answer
kxe2p93d #1
You are almost done; just check the CN in the certificate file with the following command
and connect to the server using the CN
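
The error above reports an empty subject-alternative-name list for an IP address. This added example (not part of the original post or answer) runs OpenSSL's own `-checkip`/`-checkhost` checks on two constructed certificates to show that a CN-only certificate matches its host name but not an IP address, while a certificate carrying an iPAddress SAN matches the IP. The host name node.example.test, the IP 192.0.2.10 and the file names are assumptions, and HttpClient's verifier is a separate implementation from OpenSSL's.

```shell
#!/bin/sh
# Constructed demo: host name, IP and file names are sample values.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert <name> <CN> [subjectAltName value]: self-signed test certificate.
make_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -addext "subjectAltName=$3" \
      -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
  fi
}

# matches <name> ip|host <value>: exit 0 if OpenSSL accepts the certificate for it.
matches() {
  flag=-checkhost
  [ "$2" = ip ] && flag=-checkip
  openssl x509 -in "$WORK/$1.pem" -noout "$flag" "$3" |
    grep -q 'does match certificate'
}

# report <name>: print the subject and the verdict for the sample IP and host name.
report() {
  openssl x509 -in "$WORK/$1.pem" -noout -subject
  for target in "ip 192.0.2.10" "host node.example.test"; do
    # $target is left unquoted on purpose so it splits into two arguments.
    if matches "$1" $target; then verdict="match"; else verdict="NO match"; fi
    echo "  $target -> $verdict"
  done
}

make_cert cn_only node.example.test
make_cert with_san node.example.test "IP:192.0.2.10,DNS:node.example.test"
report cn_only
report with_san
```

The curl command in the question succeeds because `-k` turns certificate verification off, so this name check never runs there.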