这是通过组合得到的解决方案java - 忽略过期的ssl证书 and Java SSL:如何禁用主机名验证.
public class IgnoreExpiredServerCertificateAgent {
public static void premain(String args, Instrumentation inst) throws Exception {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null);
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager origTrustManager = (X509TrustManager) trustManagers[0];
TrustManager[] wrappedTrustManagers = new TrustManager[]{
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return origTrustManager.getAcceptedIssuers();
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
origTrustManager.checkClientTrusted(certs, authType);
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
origTrustManager.checkServerTrusted(certs, authType);
} catch (CertificateExpiredException ignored) {
}
}
}
};
//SSLContext sc = SSLContext.getDefault();
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, wrappedTrustManagers, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
}
然后只需添加-javaagent:IgnoreExpiredServerCertificateAgent.jar
程序的 java 启动参数。
也可以看看SSL 和 TLS 的区别及其在 Java 中的用法 and Java 8 SSLContext.getInstance("TLSv1.2") 是什么意思?为适当的论证SSLContext.getInstance()
在你的情况下。
另请注意,证书过期的服务器也可能会自行检查匹配的客户端证书是否过期:
引起:javax.net.ssl.SSLHandshakeException:收到致命警报:
证书_过期于
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
在
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
在
com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
在
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
在
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
在
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
在
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
在
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
在
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
在
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
在
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
在
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
如果您遇到这样的堆栈跟踪,那么没有办法在不接触服务器的情况下缓解问题。
正确的解决方案是重新颁发具有未来到期日期的证书。