自签证书参考:window和ubuntu自签证书_windows 自签证书-CSDN博客
java
// certFilePath: 直接放在 resources 目录下 或者可以自定实现读取逻辑
// 读取的是 .crt 证书文件
public static OkHttpClient createTrustingOkHttpClient(String certFilePath) throws Exception {
// 1. 加载证书
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certInput = SSLUtil.class.getClassLoader().getResourceAsStream(certFilePath);
if (certInput == null || certInput.available() == 0) {
throw new RuntimeException("证书读取失败");
}
X509Certificate ca = (X509Certificate) cf.generateCertificate(certInput);
// 2. 创建KeyStore并导入证书
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// 3. 创建TrustManager信任我们的KeyStore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
// 4. 创建SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
// 5. 创建OkHttpClient
return new OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) tmf.getTrustManagers()[0])
.hostnameVerifier((hostname, session) -> true) // 可选:禁用主机名验证
.build();
}
public static void main(String[] args) throws Exception {
// 构建 OkHttpClient
OkHttpClient insecureClient = createTrustingOkHttpClient("test_10.crt");
MinioClient client = MinioClient.builder()
.endpoint("https://192.168.0.101:9000")
.credentials("abc-bucket", "123456")
.region("us-east-1")
.httpClient(insecureClient)
.build();
List<Bucket> buckets = client.listBuckets();
System.out.println(buckets);
}