我在本地计算机上安装了 Apache 2 服务器。首先,我使用单向 SSL 配置它并尝试从 Android 连接它。为了配置我自己的 1-way SSL Apache 2 服务器,我必须创建服务器证书。我使用以下命令完成了它:
openssl genrsa -out server.key 2048
openssl req -config ./openssl.cnf -new -key server.key -out server.req
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer
然后,我获取了 server.cer 文件并使用 java keytool 将其转换为 BKS。来自 Android 的身份验证有效。 然后,我继续我的 Apache 2 服务器的 2-way SSL 配置 并尝试通过 Android 与它进行通信。我没能让它发挥作用…… 我使用以下命令创建客户端证书:
openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer
openssl genrsa -out client.key 2048
openssl req -config ./openssl.cnf -new -key client.key -out client.req
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
导入 client.p12 文件后,它可以从 PC 浏览器运行。 对于 Android,我将 client.p12 文件转换为 BKS 格式(使用 Portecle 工具),但它似乎不起作用。也许转换没有正确完成?!我总是得到 javax.net.ssl.SSLPeerUnverifiedException: No peer certificate Exception。有谁知道可能是什么问题? 这是 Android 代码:
public class SslTestActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
try {
// load truststore certificate
InputStream clientTruststoreIs = getResources().openRawResource(
R.raw.server);
KeyStore trustStore = KeyStore.getInstance("BKS");
trustStore.load(clientTruststoreIs, "mypassword".toCharArray());
System.out.println("---- Loaded server certificates: "
+ trustStore.size());
// load client certificate
InputStream keyStoreStream = getResources().openRawResource(
R.raw.clientt);
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(keyStoreStream, "password".toCharArray());
System.out
.println("-------Loaded client certificates: " + keyStore.size());
// initialize SSLSocketFactory to use the certificate
SSLSocketFactory socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS,
keyStore, "password", trustStore, null, null);
// Set basic data
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "UTF-8");
// Register http/s shemas!
SchemeRegistry schReg = new SchemeRegistry();
schReg.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
schReg.register(new Scheme("https", socketFactory, 443));
ClientConnectionManager conMgr = new ThreadSafeClientConnManager(
params, schReg);
DefaultHttpClient sClient = new DefaultHttpClient(conMgr, params);
try {
String res = executeHttpGet(sClient, "https://10.41.0.102/");
System.out.println("------- SSL RESULT IS = " + res);
} catch (Exception e) {
System.out.println("---- ex " + e.getMessage());
e.printStackTrace();
}
} catch (Exception e) {
System.out.println("------Exception " + e.getMessage());
e.printStackTrace();
}
}
public String executeHttpGet(DefaultHttpClient client, String url) throws Exception {
BufferedReader in = null;
try {
HttpGet request = new HttpGet();
request.setURI(new URI(url));
HttpResponse response = client.execute(request);
in = new BufferedReader(new InputStreamReader(response
.getEntity().getContent()));
StringBuffer sb = new StringBuffer("");
String line = "";
String NL = System.getProperty("line.separator");
while ((line = in.readLine()) != null) {
sb.append(line + NL);
}
in.close();
String result = sb.toString();
return result;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}}
谢谢
最佳答案
您的代码似乎是正确的。以下是您可以尝试的几件事:
列出来自 Android 的 keystore 的内容,以确保存在正确的证书并且可以解析。
在服务器端开启SSL调试并查看日志
- 检查 logcat 以查看是否有任何错误/警告。
关于android - Android 中的 2 路 SSL : client authentication not working,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7037892/