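A self-signed certificate, put simply, is one where you act as the issuing CA yourself; once the client trusts it, access works normally. The following is quoted from: "Some basic concepts of certificate authorities (CAs) in SSL"
In general, a self-signed certificate cannot be used for identity authentication. If a server uses a self-signed certificate, the client has two options: one is to trust the certificate unconditionally; the other is to add the self-signed certificate's public key and private key to the trusted list. But this increases the risk of the server's private key being leaked.
In some specific scenarios, we need to make ajax requests to an interface on a server that uses a self-signed certificate. In the browser we can trust the certificate manually, but in data requests we usually can only bypass certificate verification to get the data.
1. The simplest and crudest way in jQuery: JSONP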
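$.ajax({
    url: '//sslzoo.com',
    type: "POST", // JSONP is loaded through a <script> tag, so the request is actually sent as GET
    dataType: 'jsonp',
    data: params, // request parameters
    jsonp: 'callback', // name of the parameter passed to the backend, used to obtain the JSONP callback function name
    success: function (data) {}
});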
The URL is requested the same way as a cross-origin interface, and the returned data is in JSONP format.
References: http://www.cnblogs.com/koleyang/p/4654439.html
http://blog.csdn.net/xiangnan129/article/details/54409089
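2. In PHP, the approach is likewise to skip SSL verification
Add the following code to the curl request:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // skip the certificate check
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // check that the name in the certificate matches the host (libcurl no longer supports the value 1/true)
Original quoted from: http://blog.csdn.net/fdipzone/article/details/39611461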
<?php
/** Make an https request with curl
 * @param String $url     URL to request
 * @param Array  $data    data to send
 * @param Array  $header  headers to send with the request
 * @param int    $timeout timeout in seconds, default 30s
 */
function curl_https($url, $data=array(), $header=array(), $timeout=30){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // skip the certificate check
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // check that the name in the certificate matches the host (libcurl no longer supports the value 1/true)
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    $response = curl_exec($ch);
    if($error=curl_error($ch)){
        die($error);
    }
    curl_close($ch);
    return $response;
}
// Usage
$url = 'https://www.example.com/api/message.php';
$data = array('name'=>'fdipzone');
$header = array();
$response = curl_https($url, $data, $header, 5);
echo $response;
?>
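3. Bypassing SSL verification in Java
In Java, HttpClient is mainly used to make POST requests (HTTPS): write a class that extends DefaultHttpClient and skips the verification process.
Original from: http://blog.csdn.net/rongyongfeikai2/article/details/41659353#
a. Write an SSLClient class that extends HttpClient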
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
// HttpClient used for making HTTPS requests
public class SSLClient extends DefaultHttpClient{
    public SSLClient() throws Exception{
        super();
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Trust manager with empty checks: every certificate chain is accepted
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
            }
            @Override
            public void checkServerTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface requires a non-null array
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        // ALLOW_ALL_HOSTNAME_VERIFIER also turns off hostname verification
        SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = this.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
    }
}
b. Write a class that sends POST requests using HttpClient
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
/*
 * Utility class for making POST requests with HttpClient
 */
public class HttpClientUtil {
    public String doPost(String url,Map<String,String> map,String charset){
        HttpClient httpClient = null;
        HttpPost httpPost = null;
        String result = null;
        try{
            httpClient = new SSLClient();
            httpPost = new HttpPost(url);
            // Set the parameters
            List<NameValuePair> list = new ArrayList<NameValuePair>();
            Iterator<Entry<String,String>> iterator = map.entrySet().iterator();
            while(iterator.hasNext()){
                Entry<String,String> elem = iterator.next();
                list.add(new BasicNameValuePair(elem.getKey(),elem.getValue()));
            }
            if(list.size() > 0){
                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(list,charset);
                httpPost.setEntity(entity);
            }
            HttpResponse response = httpClient.execute(httpPost);
            if(response != null){
                HttpEntity resEntity = response.getEntity();
                if(resEntity != null){
                    result = EntityUtils.toString(resEntity,charset);
                }
            }
        }catch(Exception ex){
            ex.printStackTrace();
        }
        return result;
    }
}
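Of course, all this effort goes only into bypassing SSL verification, while an inexpensive DV certificate is enough to meet basic security needs, so why have a self-signed certificate scenario at all?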