HTTPS和HTTP的区别及自定义证书使用教程

HTTPS(全称:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全为目标的HTTP通道,简单讲是HTTP的安全版。即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。它是一个URI scheme(抽象标识符体系),句法类同http:体系,用于安全的HTTP数据传输。https:URL表明它使用了HTTP,但HTTPS存在不同于HTTP的默认端口及一个加密/身份验证层(在HTTP与TCP之间)。这个系统的最初研发由网景公司(Netscape)进行,并内置于其浏览器Netscape Navigator中,提供了身份验证与加密通讯方法。现在它被广泛用于万维网上安全敏感的通讯,例如交易支付方面。

HTTPS和HTTP的区别

一、https协议需要到CA申请证书,一般免费证书很少,需要交费。

二、http是超文本传输协议,信息是明文传输,https 则是具有安全性的ssl加密传输协议。

三、http和https使用的是完全不同的连接方式,用的端口也不一样,前者是80,后者是443。

四、http的连接很简单,是无状态的;HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议,比http协议安全。

对于网络抓包和分析,工具如 Sniffmaster 可以简化 HTTPS 流量的解密过程,它支持全平台抓包,无需代理或越狱。

第一种使用自定义证书

默认的 SSLSocketFactory.getSocketFactory() 不承认自定义(自签名)证书。下面的写法改为信任所有证书并放行任意主机名,等于关闭了对服务器身份的校验,连接内容可能被中间人读取或篡改,因此只适合在调试环境中对测试服务器使用;正式环境请用后面把指定证书导入应用的方式。
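/**
 * Sends a GET request to a test server that presents a self-signed certificate and logs
 * the response entity when the status is 200.
 *
 * <p>The "https" scheme is bound to {@code SSLTrustAllSocketFactory}, so neither the
 * certificate chain nor the host name of the server is checked for this request. Anyone on
 * the network path can present their own certificate and read or alter the traffic, so this
 * helper belongs in debug builds that talk to a lab server only.
 *
 * <p>Failures are logged and swallowed; nothing is returned to the caller.
 */
public static void GetNetWork() {
    String path = "https://192.168.0.102:8443/123.html";
    ClientConnectionManager connMgr = null;
    try {
        BasicHttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        // The earlier version also installed AllowAllHostnameVerifier on
        // SSLSocketFactory.getSocketFactory(). That is the library's default factory, not the
        // one registered for "https" below, so the call did nothing for this request and only
        // relaxed host-name checks for other code using the default factory. It is dropped.
        SSLSocketFactory httpsFactory = SSLTrustAllSocketFactory.getSocketFactory();
        if (httpsFactory == null) {
            // getSocketFactory() reports construction failures by returning null.
            Log.e("log", "SSLTrustAllSocketFactory could not be created");
            return;
        }

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // 443 is only the scheme's default port; the explicit :8443 in the URL is what is used.
        schReg.register(new Scheme("https", httpsFactory, 443));

        connMgr = new ThreadSafeClientConnManager(params, schReg);
        DefaultHttpClient client = new DefaultHttpClient(connMgr, params);
        HttpResponse httpResponse = client.execute(new HttpGet(path));

        int responseCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        if (responseCode == 200 && entity != null) {
            // Logs the entity object's description, not the response body.
            Log.e("log", entity.toString());
        }
    } catch (IOException e) {
        // MalformedURLException and ClientProtocolException are IOException subclasses.
        Log.e("log", "HTTPS request failed", e);
    } finally {
        if (connMgr != null) {
            // Release pooled connections; the manager is created per call.
            connMgr.shutdown();
        }
    }
}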
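/**
 * Socket factory whose TLS context accepts every certificate chain and whose host-name
 * verifier accepts every name.
 *
 * <p>With this factory the TLS handshake still encrypts the channel, but the peer is never
 * authenticated: a certificate issued by anyone, for any host, is accepted. An application
 * that ships it will connect through an interception proxy without any error. Restrict it to
 * debug builds against a test server; for a self-signed production server, load that
 * server's certificate into a trust store instead.
 */
public static class SSLTrustAllSocketFactory extends SSLSocketFactory {
    private static final String TAG = "SSLTrustAllSocketFactory";
    private final SSLContext mCtx;

    /** Trust manager whose checks are empty, so no client or server chain is ever rejected. */
    public class SSLTrustAllManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: never throws, so every chain is treated as trusted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: never throws, so every chain is treated as trusted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array;
            // returning null can trigger a NullPointerException in callers that iterate it.
            return new X509Certificate[0];
        }
    }

    /**
     * Builds the factory and its trust-all TLS context.
     *
     * @param truststore passed to the superclass constructor; the context created here does
     *     not consult it
     * @throws Throwable if the superclass constructor or the TLS context setup fails
     */
    public SSLTrustAllSocketFactory(KeyStore truststore) throws Throwable {
        super(truststore);
        // Setup failures propagate (the signature already declares Throwable). Swallowing
        // them left mCtx null and moved the failure to a NullPointerException in createSocket.
        mCtx = SSLContext.getInstance("TLS");
        mCtx.init(null, new TrustManager[] { new SSLTrustAllManager() }, null);
        setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }

    /** Layers a TLS socket from the trust-all context over an already connected socket. */
    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return mCtx.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    /** Creates an unconnected TLS socket from the trust-all context. */
    @Override
    public Socket createSocket() throws IOException {
        return mCtx.getSocketFactory().createSocket();
    }

    /**
     * Creates a factory backed by an empty key store.
     *
     * @return the factory, or {@code null} when construction fails (the failure is logged)
     */
    public static SSLSocketFactory getSocketFactory() {
        try {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            return new SSLTrustAllSocketFactory(trustStore);
        } catch (Throwable e) {
            // Pass the throwable itself: getMessage() may be null, which Log.d rejects.
            Log.e(TAG, "failed to create trust-all socket factory", e);
        }
        return null;
    }
}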

第二种 直接从 kyfw.12306.cn/otn/ 下载根证书 导入应用中 验证

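/**
 * Sends a GET request to https://kyfw.12306.cn/otn/ over a socket factory that trusts only
 * the root certificate bundled with the application, and logs the response entity when the
 * status is 200.
 *
 * <p>Failures are logged and swallowed; nothing is returned to the caller.
 *
 * @param context used by {@code SSLCustomSocketFactory} to read the bundled certificate
 */
public static void GetNetWork2(Context context) {
    String path = "https://kyfw.12306.cn/otn/";
    ClientConnectionManager connMgr = null;
    try {
        BasicHttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        // The earlier version also installed AllowAllHostnameVerifier on
        // SSLSocketFactory.getSocketFactory(). That is the library's default factory, not the
        // one registered for "https" below, so the call did nothing for this request and only
        // relaxed host-name checks for other code using the default factory. It is dropped;
        // the custom factory keeps whatever verifier its superclass installs.
        SSLSocketFactory httpsFactory = SSLCustomSocketFactory.getSocketFactory(context);
        if (httpsFactory == null) {
            // getSocketFactory(context) reports failures by returning null.
            Log.e("log", "SSLCustomSocketFactory could not be created");
            return;
        }

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", httpsFactory, 443));

        connMgr = new ThreadSafeClientConnManager(params, schReg);
        DefaultHttpClient client = new DefaultHttpClient(connMgr, params);
        HttpResponse httpResponse = client.execute(new HttpGet(path));

        int responseCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        if (responseCode == 200 && entity != null) {
            // Logs the entity object's description, not the response body.
            Log.e("log", entity.toString());
        }
    } catch (IOException e) {
        // MalformedURLException and ClientProtocolException are IOException subclasses.
        Log.e("log", "HTTPS request failed", e);
    } finally {
        if (connMgr != null) {
            // Release pooled connections; the manager is created per call.
            connMgr.shutdown();
        }
    }
}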
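/**
 * Socket factory that trusts a single X.509 certificate shipped in the application's raw
 * resources ({@code R.raw.srca}).
 *
 * <p>Only chains that lead to that certificate are accepted, so a certificate issued by any
 * other authority is rejected. The class does not change the host-name verifier, so the one
 * installed by the superclass stays in effect.
 */
public static class SSLCustomSocketFactory extends SSLSocketFactory {
    private static final String TAG = "SSLCustomSocketFactory";
    // The unused KEY_PASS constant was removed: this variant builds its trust store in memory
    // and never needs a store password.

    /**
     * @param trustStore key store holding the certificates to trust
     * @throws Throwable if the superclass constructor fails
     */
    public SSLCustomSocketFactory(KeyStore trustStore) throws Throwable {
        super(trustStore);
    }

    /**
     * Reads the bundled certificate into a fresh in-memory key store and builds a factory
     * around it.
     *
     * @param context source of the raw resource
     * @return the factory, or {@code null} when loading or construction fails (the failure
     *     is logged)
     */
    public static SSLCustomSocketFactory getSocketFactory(Context context) {
        InputStream ins = null;
        try {
            ins = context.getResources().openRawResource(R.raw.srca);
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // Initialise an empty store before adding the single trusted entry.
            trustStore.load(null);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String certificateAlias = Integer.toString(2);
            trustStore.setCertificateEntry(certificateAlias,
                    certificateFactory.generateCertificate(ins));
            return new SSLCustomSocketFactory(trustStore);
        } catch (Throwable e) {
            // Every failure was handled the same way, so one handler replaces the ladder.
            Log.e(TAG, "failed to build trust store from bundled certificate", e);
        } finally {
            // Single close point; the stream was previously closed twice on the success path.
            if (ins != null) {
                try {
                    ins.close();
                } catch (IOException e) {
                    Log.e(TAG, "failed to close certificate stream", e);
                }
            }
        }
        return null;
    }
}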

不论是浏览器导出,还是服务器端获得,都是公钥证书,有两种格式:纯文本的.crt格式或是二进制的.cer格式。两种都可以用。

然后,如果你需要使用特定版本的JCE Provider,请在该 jar 所在的目录下运行以下命令: keytool -importcert -v -trustcacerts -alias cert12306 -file srca.cer -keystore cert12306.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-148.jar -storepass 123456

生成cert12306.bks文件 导入应用中

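/**
 * Sends a GET request to https://kyfw.12306.cn/otn/ over a socket factory whose trust store
 * is the BKS file bundled with the application, and logs the response entity when the
 * status is 200.
 *
 * <p>Failures are logged and swallowed; nothing is returned to the caller.
 *
 * @param context used by {@code SSLCustomSocketFactory2} to read the bundled key store
 */
public static void GetNetWork3(Context context) {
    String path = "https://kyfw.12306.cn/otn/";
    ClientConnectionManager connMgr = null;
    try {
        BasicHttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        // The earlier version also installed AllowAllHostnameVerifier on
        // SSLSocketFactory.getSocketFactory(). That is the library's default factory, not the
        // one registered for "https" below, so the call did nothing for this request and only
        // relaxed host-name checks for other code using the default factory. It is dropped;
        // the custom factory keeps whatever verifier its superclass installs.
        SSLSocketFactory httpsFactory = SSLCustomSocketFactory2.getSocketFactory(context);
        if (httpsFactory == null) {
            // getSocketFactory(context) reports failures by returning null.
            Log.e("log", "SSLCustomSocketFactory2 could not be created");
            return;
        }

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", httpsFactory, 443));

        connMgr = new ThreadSafeClientConnManager(params, schReg);
        DefaultHttpClient client = new DefaultHttpClient(connMgr, params);
        HttpResponse httpResponse = client.execute(new HttpGet(path));

        int responseCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        if (responseCode == 200 && entity != null) {
            // Logs the entity object's description, not the response body.
            Log.e("log", entity.toString());
        }
    } catch (IOException e) {
        // MalformedURLException and ClientProtocolException are IOException subclasses.
        Log.e("log", "HTTPS request failed", e);
    } finally {
        if (connMgr != null) {
            // Release pooled connections; the manager is created per call.
            connMgr.shutdown();
        }
    }
}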
/**
 * Socket factory whose trust store is a key store file shipped in the application's raw
 * resources ({@code R.raw.cert12306}).
 *
 * <p>The store is opened with the password held in {@code KEY_PASS}. The class does not
 * change the host-name verifier, so the one installed by the superclass stays in effect.
 */
public static class SSLCustomSocketFactory2 extends SSLSocketFactory {
    private static final String TAG = "SSLCustomSocketFactory";
    // Store password compiled into the app. NOTE(review): the store appears to hold only
    // public certificates, in which case the password guards integrity, not secrecy; confirm.
    private static final String KEY_PASS = "123456";

    /**
     * @param trustStore key store holding the certificates to trust
     * @throws Throwable if the superclass constructor fails
     */
    public SSLCustomSocketFactory2(KeyStore trustStore) throws Throwable {
        super(trustStore);
    }

    /**
     * Loads the bundled key store and builds a factory around it.
     *
     * @param context source of the raw resource
     * @return the factory, or {@code null} when loading or construction fails (the stack
     *     trace is printed)
     */
    public static SSLCustomSocketFactory2 getSocketFactory(Context context) {
        InputStream storeStream = null;
        SSLCustomSocketFactory2 result = null;
        try {
            storeStream = context.getResources().openRawResource(R.raw.cert12306);
            // Uses the platform default store type; the bundled file must be in that format.
            KeyStore bundled = KeyStore.getInstance(KeyStore.getDefaultType());
            bundled.load(storeStream, KEY_PASS.toCharArray());
            result = new SSLCustomSocketFactory2(bundled);
        } catch (Throwable failure) {
            // Every failure type is handled identically, so one handler covers them all.
            failure.printStackTrace();
        } finally {
            if (storeStream != null) {
                try {
                    storeStream.close();
                } catch (IOException closeFailure) {
                    closeFailure.printStackTrace();
                }
            }
        }
        return result;
    }
}