如何在 Android Studio 中允许防火墙生成的 SSL 证书?
How can I allow firewall-generated SSL certificates in Android Studio?
我们的新防火墙提供透明代理,它为安全 (HTTPS) 连接颁发自签名 SSL 证书。
Android工作室让我接受两个证书,我确认了。
现有项目构建良好。仅当我在 build.gradle 文件中更改或添加依赖项时,才会出现此错误消息:
Gradle 'MyApp' project refresh failed
Error:Cause: unable to find valid certification path to requested target
有没有办法告诉 Gradle 插件信任防火墙生成的 SSL 证书?
我在这个答案中找到了有效的 solution/workaround:
我在两个地方用 maven { url "http://jcenter.bintray.com" } 替换了 jcenter()。
此解决方法要求 jcenter 可通过 HTTP 访问,出于安全原因将来可能会被禁用。
应始终避免降级安全性 ;)
根据 Jetbrains post:
存在解决方案
Eh, this is a Jetbrains/IDEA issue. Despite being able to pick the gradle wrapper's Java installation, the grabbing of the wrapper is still done with the JRE which the IDE is currently using... Preventing the wrapper from even starting. It should prompt to trust the certificate like everywhere else in the IDE but it does not. In the interim I have posted instructions to fix this for those who need it. (This issue persists in 2017.2.1)
根据对 post 的评论,我写了这个 bash 脚本:
#!/bin/bash
set -eu
CA_PEM_FILE="${1?Missing path to certificate file}"
ANDROID_STUDIO_PATH="${2:-/opt/android-studio/jre/jre/lib/security}"
if [ -f "${CA_PEM_FILE}" ]
then
printf "\n>>> ADDING A CERTIFICATE TO ANDROID STUDIO <<<\n"
# https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584-IDEA-Ultimate-2016-3-4-throwing-unable-to-find-valid-certification-path-to-requested-target-when-trying-to-refresh-gradle
cd "${ANDROID_STUDIO_PATH}" && \
printf "changeit\nyes\n" | keytool -keystore cacerts -importcert -alias ProxyCertificate -file "${CA_PEM_FILE}" && \
printf "\n >>> CERTICATE ADDED SUCCESEFULY<<<\n"
else
printf "\n >>> FATAL ERROR: Certificate not found in path ${CA_PEM_FILE} <<<\n"
fi
像这样调用:
sudo ./add-certificate-to-android-studio.sh /etc/ssl/certs/ProxyCA.pem
如果您已将 Android Studio 安装在不同于 /opt/android-studio 的位置,那么您必须像这样调用:
sudo ./add-certificate-to-android-studio.sh /etc/ssl/certs/ProxyCA.pem /android/path
我们的新防火墙提供透明代理,它为安全 (HTTPS) 连接颁发自签名 SSL 证书。
Android工作室让我接受两个证书,我确认了。
现有项目构建良好。仅当我在 build.gradle 文件中更改或添加依赖项时,才会出现此错误消息:
Gradle 'MyApp' project refresh failed
Error:Cause: unable to find valid certification path to requested target
有没有办法告诉 Gradle 插件信任防火墙生成的 SSL 证书?
我在这个答案中找到了有效的 solution/workaround:
我在两个地方用 maven { url "http://jcenter.bintray.com" } 替换了 jcenter()。
此解决方法要求 jcenter 可通过 HTTP 访问,出于安全原因将来可能会被禁用。
应始终避免降级安全性 ;)
根据 Jetbrains post:
存在解决方案Eh, this is a Jetbrains/IDEA issue. Despite being able to pick the gradle wrapper's Java installation, the grabbing of the wrapper is still done with the JRE which the IDE is currently using... Preventing the wrapper from even starting. It should prompt to trust the certificate like everywhere else in the IDE but it does not. In the interim I have posted instructions to fix this for those who need it. (This issue persists in 2017.2.1)
根据对 post 的评论,我写了这个 bash 脚本:
#!/bin/bash
set -eu
CA_PEM_FILE="${1?Missing path to certificate file}"
ANDROID_STUDIO_PATH="${2:-/opt/android-studio/jre/jre/lib/security}"
if [ -f "${CA_PEM_FILE}" ]
then
printf "\n>>> ADDING A CERTIFICATE TO ANDROID STUDIO <<<\n"
# https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000094584-IDEA-Ultimate-2016-3-4-throwing-unable-to-find-valid-certification-path-to-requested-target-when-trying-to-refresh-gradle
cd "${ANDROID_STUDIO_PATH}" && \
printf "changeit\nyes\n" | keytool -keystore cacerts -importcert -alias ProxyCertificate -file "${CA_PEM_FILE}" && \
printf "\n >>> CERTICATE ADDED SUCCESEFULY<<<\n"
else
printf "\n >>> FATAL ERROR: Certificate not found in path ${CA_PEM_FILE} <<<\n"
fi
像这样调用:
sudo ./add-certificate-to-android-studio.sh /etc/ssl/certs/ProxyCA.pem
如果您已将 Android Studio 安装在不同于 /opt/android-studio 的位置,那么您必须像这样调用:
sudo ./add-certificate-to-android-studio.sh /etc/ssl/certs/ProxyCA.pem /android/path