//证书地址
public static final String PATH = "XX.pfx";
//密码
public static final String PASSWORD = "aaa";
public static CloseableHttpClient initSSLConfig() throws Exception {
//证书类型
KeyStore keyStore = KeyStore.getInstance("PKCS12");
//加载根证书
keyStore.load(new FileInputStream(PATH),PASSWORD.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, PASSWORD.toCharArray());
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), null, null);
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sc,
// 指定TLS版本
new String[]{"TLSv1.2"},
// 指定算法
new String[]{"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
// 取消域名验证
new HostnameVerifier(){
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
}
);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
return httpClient;
}
标签:TLS,Java,String,证书,KeyManagerFactory,PKCS12,new,Http,public From: https://www.cnblogs.com/zqdfound/p/17754988.html