我使用基本的auth标头开发了一个安全的Spring boot Rest Api,现在我正尝试添加SSL以保护“中间人”攻击,如春季教程所建议的,所以I activated the SSL security on my spring by generating a keystore.JKS that I Added to the ressources. server works fine .

现在,我有一个JavaFX Client,我在其中使用Unirest Api来执行我的请求,但我不知道如何更新我的客户端以成功向我的服务器发送获取/发布请求.

我尝试了太多教程,但没有任何作品我不想禁用ssl

这是我的Spring Boot配置：

 # The format used for the keystore 
 server.ssl.key-store-type=JKS
 # The path to the keystore containing the certificate
 server.ssl.key-store=classpath:keystore.jks
 # The password used to generate the certificate
 server.ssl.key-store-password=mypass
 # The alias mapped to the certificate
 server.ssl.key-alias=tomcat

当我确实接受chrome证书时,我的服务器使用Postman可以很好地启动.

对于我的Java客户端,我正在使用以下代码段：

public class MainApp extends Application {

private static Stage parent;
private static Parent root;

 static
    {
      System.setProperty("javax.net.ssl.trustStore","c:/ssl/keystore.jks");
      System.setProperty("javax.net.ssl.trustStorePassword", "mypass");
      System.setProperty("javax.net.ssl.keyStore", "c:/ssl/keystore.jks");
      System.setProperty("javax.net.ssl.keyStorePassword", "mypass");
   }

@Override
public void start(Stage stage) throws Exception {


      Unirest.setHttpClient(HttpClients.createSystem());

    root = FXMLLoader.load(getClass().getResource("/fxml/Scene.fxml"));
    parent = stage;
    Scene scene = new Scene(root);
    scene.getStylesheets().add("/styles/Styles.css");
    stage.initStyle(StageStyle.TRANSPARENT);
    scene.setFill(Color.TRANSPARENT);

    stage.setTitle("JavaFX and Maven");
//        stage.setOpacity(0.2);
    stage.setScene(scene);
    stage.show();

}

如您所见,我正在尝试在应用程序启动中配置Unirest httpClient

  HttpResponse<String> asJson = Unirest.get("http://localhost:8181/logins/login/?us_username=" + username.getText() + "&us_pwdusr=" +  Crypto.getSha(password.getText()))
                    .header("authorization", "Basic " + value)
                    .header("cache-control", "no-cache").asString();

但是当我通过服务器执行get方法时(服务器中的重定向已从8181和8080激活到8443),我得到以下错误

Caused by: com.mashape.unirest.http.exceptions.UnirestException:
javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn’t match any of the subject alternative names: [] at
com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:143)
at
com.mashape.unirest.request.BaseRequest.asString(BaseRequest.java:56)
at
easypos.easyposclientfx.FXMLController.login(FXMLController.java:130)
… 59 more

Caused by: javax.net.ssl.SSLPeerUnverifiedException:
Certificate for doesn’t match any of the subject
alternative names: [] at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467)
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397)
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at
org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at
com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138)
… 61 more

尝试阅读此书,我确实知道我的证书别名或名称可能是我所有的证书都未在系统中注册

为了响应这个想法,我确实将证书添加到java jre环境中的cacerts中,但是仍然存在相同的错误

我应该怎么做才能解决这个问题？

这是建议的证书

解决方法:

您所建议的异常如下：

您的客户端系统的Java密钥库(客户端应用程序正在使用的JRE)正在向服务提供商索取证书,并且在接收到该证书时,它无法将服务器的使用者替代名称与此匹配.

示例：您正在像http://localhost:8181/logins/login那样调用Web服务

但是,您的REST生产者服务上安装的证书的主题名称类似“ abc.com”,这会在localhost和abc.com比较之间造成不匹配,从而引发错误.

为了在本地测试服务和客户端的交互,可以使用以下任何一种技术：

>创建一个主题名称为localhost的新证书,并使用它
客户端密钥库以及其余生产者中的证书
>在本地安装Apache HTTP服务器,启用mod_ssl模块以启用
https.完成后,通过在主机文件中创建主机条目来欺骗DNS
您的主机名和IP地址为127.0.0.1

您是否可以共享自签名证书的屏幕截图,如下图所示：

它将帮助社区探索更多选择,以更好地帮助您.