Documentum Rest Service - Trust the SSL certificate from a Java client

Updated: 2022-02-26 22:22:49

You have to include the server certificate of https://dctm-rest in the whitelist of your JRE (the truststore).

1) Include the server certificate in the JRE truststore (jre/lib/security/cacerts) (not recommended)


To download the server certificate, open the site in a browser, right-click the green lock, select 'view certificate' and download it.

The simplest way to explore cacerts and import a trusted certificate is to use a GUI tool like portecle (http://portecle.sourceforge.net/). You can also use keytool:

keytool -import -trustcacerts -keystore /opt/java/jre/lib/security/cacerts -alias mycert -noprompt -storepass changeit -file /tmp/examplecert.crt

See "How to properly import a self-signed certificate into the Java keystore that is available to all Java applications by default?"

2) Use your own truststore and include the server certificate (recommended)

System.setProperty ("javax.net.ssl.trustStore", path_to_your_trustore_jks_file);
System.setProperty ("javax.net.ssl.trustStorePassword", "password");

You can also create an SSLSocketFactory and add it to your connection before connecting, or apply it to all connections using the static method.



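This is an example of creating the socket factory:

// Needs java.io.FileInputStream, java.io.InputStream, java.security.KeyStore and javax.net.ssl.*
// Load JKS keystore that includes the server certificate or the root
KeyStore keyStore = KeyStore.getInstance("JKS");
try (InputStream in = new FileInputStream(path_to_your_trustore_jks_file)) {
    keyStore.load(in, "password".toCharArray());
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore); // the factory must be initialised with the keystore before use
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sslFactory = ctx.getSocketFactory();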

3) Do not use a truststore at all (not recommended at all)

See "Disable SSLHandshakeException for a single connection" (I will not copy the solution)