惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
T
Threatpost
阮一峰的网络日志
阮一峰的网络日志
美团技术团队
F
Fortinet All Blogs
The GitHub Blog
The GitHub Blog
月光博客
月光博客
V
Visual Studio Blog
T
Tailwind CSS Blog
Stack Overflow Blog
Stack Overflow Blog
博客园 - 聂微东
Jina AI
Jina AI
J
Java Code Geeks
Martin Fowler
Martin Fowler
大猫的无限游戏
大猫的无限游戏
Recorded Future
Recorded Future
C
Check Point Blog
腾讯CDC
N
Netflix TechBlog - Medium
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
Hacker News: Ask HN
Hacker News: Ask HN
SecWiki News
SecWiki News
博客园 - Franky
Hacker News - Newest:
Hacker News - Newest: "LLM"
N
News | PayPal Newsroom
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Security @ Cisco Blogs
W
WeLiveSecurity
The Last Watchdog
The Last Watchdog
Cloudbric
Cloudbric
F
Full Disclosure
The Cloudflare Blog
Y
Y Combinator Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Google DeepMind News
Google DeepMind News
MongoDB | Blog
MongoDB | Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
AI
AI
N
News and Events Feed by Topic
T
Tor Project blog
P
Palo Alto Networks Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
H
Hackread – Cybersecurity News, Data Breaches, AI and More
G
Google Developers Blog

博客园 - silyvin

sock5代理及隧道(三)dns用谁的【yetdone】 一个字符串可以是什么 微服务的同步异步(二)一个线程多个请求与一个连接多个请求(http2),客户端的多路复用 吞吐量、线程数、队列(好像没什么用) 去中心化的jwt(二)HS256、RS256、分级 什么叫无状态 直接进老年代的大对象指的是shallow还是retained 如何定义强一致和MVCC 三方支付为什么不用双向ssl,与U盾 事务消息与本地消息表的联系 再谈线程池或连接池容量怎么定 【删除】微信支付的收单机构 【删除】TLS前向保密 缓存一致性的根本原因 ssl pinning clienthello会不会拆粘包,为什么每次wireshark看到的都是正好的 转账tcc 安全采集jvm https代理服务器(八)安卓7 https代理服务器(七)假如被CA出卖 spi 微服务的同步异步【重要】 为什么tcp要用mss oauth为什么要传输secret https代理服务器(五)换电脑 多线程插入也是随机io,那为啥不用uuid【yetdone】 http长连接维护 【yet】
https代理服务器(六)再次java动态签发【成功】
silyvin · 2025-10-28 · via 博客园 - silyvin

1

X500Name canamem = new X500Name(caCertificate.getSubjectX500Principal().getName());

改为

X500Name issuerName = new JcaX509CertificateHolder(caCertificate).getSubject();

否则写入keystore时报错 KeyStoreException: Certificate chain is not valid

2

GeneralNames generalNames = new GeneralNames(
new GeneralName[]{new GeneralName(GeneralName.dNSName, subject),
new GeneralName(GeneralName.dNSName, "hhh.com")}
);
certificateBuilder.addExtension(
org.bouncycastle.asn1.x509.Extension.subjectAlternativeName,
false,
generalNames
);

必须,iphone实测

3

System.setProperty("javax.net.ssl.trustStore", "rootCA.pem");

这一句不能加

/Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home!/java.base/sun/security/ssl/TrustStoreManager.class

static {
fileSep = File.separator;
defaultStorePath = GetPropertyAction.privilegedGetProperty("java.home") + fileSep + "lib" + fileSep + "security";
defaultStore = defaultStorePath + fileSep + "cacerts";
jsseDefaultStore = defaultStorePath + fileSep + "jssecacerts";
}

sun.security.ssl.TrustStoreManager.TrustStoreDescriptor#createInstance

String storePropName = System.getProperty("javax.net.ssl.trustStore", TrustStoreManager.TrustStoreDescriptor.jsseDefaultStore);

 否则好像这个地方报错,不记得了

public static SSLContext getSslContextSuper(String host) throws Exception {
SSLContext sslContext = SSLContext.getInstance("TLSv1");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore ks = CertificateGenerator.genkeyStore(host);
char[] passArray = "changeit".toCharArray();
kmf.init(ks, passArray);
sslContext.init(kmf.getKeyManagers(), null, null);
return sslContext;
}

image

new Date(System.currentTimeMillis() - 60000),  

服务器证书starttime给扰动,否则iphone和mac时间不一样或者传输太快iphone会判定证书过期

5 碎碎念

image