(点击
上方公众号
,可快速关注)
来源:WhyWin,
www.cnblogs.com/0201zcr/p/6523956.html
如有好文章投稿,请点击 → 这里了解详情
1、报错信息
java.security.cert.CertificateException: No name matching api.weibo.com found; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching api.weibo.com found
原因
:在调用api.weibo.com的时候,我们使用的是https的方式,正常情况下应该是使用api.weibo.com的证书,但由于某些原因,我们只能使用自己的证书,导致在验证证书的时候,就报了这个错误。
解决的办法
:忽略服务端和客户端的证书校验即可。java 提供的相关的类。
2、具体实现方式
通过重写TrustManager的checkClientTrusted(检查客户端证书信任)和checkServerTrusted(检查服务端证书验证)。
以及HostnameVerifier的verify(校验)方法即可取消对证书的所有验证。
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.*;
import java.io.IOException;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public final class DisableSSLCertificateCheckUtil {
private static final Logger LOGGER = LoggerFactory.getLogger(DisableSSLCertificateCheckUtil.class);
/**
* Prevent instantiation of utility class.
*/
private DisableSSLCertificateCheckUtil() {
}
/**
* Disable trust checks for SSL connections.
*/
public static void disableChecks() {
try {
new URL("https://0.0.0.0/").getContent();
} catch (IOException e) {
// This invocation will always fail, but it will register the
// default SSL provider to the URL class.
}
try {
SSLContext sslc;
sslc = SSLContext.getInstance("TLS");
TrustManager[] trustManagerArray = {new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}};
sslc.init(null, trustManagerArray, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
