在一次调试中,出现了这个错误:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

详细报错信息如下:

严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

十二月 ,  :: 下午 org.apache.catalina.core.StandardWrapperValve invoke

严重: Servlet.service() for servlet [jsp] in context with path [] threw exception

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    ...  more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

这个错误最终定位在这个方法:

protected final String retrieveResponseFromServer(final URL validationUrl,

            final String ticket) {

        HttpURLConnection connection = null;

        try {

            connection = (HttpURLConnection) validationUrl.openConnection();

            final BufferedReader in = new BufferedReader(new InputStreamReader(

                    connection.getInputStream()));

            String line;

            final StringBuffer stringBuffer = new StringBuffer(255);

            synchronized (stringBuffer) {

                while ((line = in.readLine()) != null) {

                    stringBuffer.append(line);

                    stringBuffer.append("\n");

                }

                return stringBuffer.toString();

            }

        } catch (final IOException e) {

            log.error(e, e);

            return null;

        } catch (final Exception e1){

            log.error(e1, e1);

            return null;

        }finally {

            if (connection != null) {

                connection.disconnect();

            }

        }

    }

后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法:

trustAllHttpsCertificates();

HttpsURLConnection.setDefaultHostnameVerifier(hv);

具体的实现是:

HostnameVerifier hv = new HostnameVerifier() {

        public boolean verify(String urlHostName, SSLSession session) {

            System.out.println("Warning: URL Host: " + urlHostName + " vs. "

                               + session.getPeerHost());

            return true;

        }

    };

    private static void trustAllHttpsCertificates() throws Exception {

        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];

        javax.net.ssl.TrustManager tm = new miTM();

        trustAllCerts[0] = tm;

        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext

                .getInstance("SSL");

        sc.init(null, trustAllCerts, null);

        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc

                .getSocketFactory());

    }

    static class miTM implements javax.net.ssl.TrustManager,

            javax.net.ssl.X509TrustManager {

        public java.security.cert.X509Certificate[] getAcceptedIssuers() {

            return null;

        }

        public boolean isServerTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public boolean isClientTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public void checkServerTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

        public void checkClientTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

    }

附件:AbstractCasProtocolUrlBasedTicketValidator

解决CAS单点登录出现PKIX path building failed的问题的更多相关文章

  1. 解决 sun.security.validator.ValidatorException: PKIX path building failed

    今天用java HttpClients写爬虫在访问某Https站点报如下错误: sun.security.validator.ValidatorException: PKIX path buildin ...

  2. CAS 5.x搭建常见问题系列(2).PKIX path building failed

    错误原因 服务端的证书是不安全的,Cas的客户端在调用时因为安全提醒造成调用失败. CAS的客户端需要导入服务端的证书后,就正常了. 具体操作步骤如下: 1. 首先启动tomcat,看下之前搭建的ca ...

  3. 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...

  4. 解决java使用https协议请求出现证书不信任问题(PKIX path building failed)

    解决https请求时出现pkix path building fail错误 方法 将submail.cer 安全证书导入到java中的cacerts证书库 (sumail是我从https://api. ...

  5. 解决PKIX(PKIX path building failed) 问题 unable to find valid certification path to requested target

    最近在写java的一个服务,需要给远程服务器发送post请求,认证方式为Basic Authentication,在请求过程中出现了 PKIX path building failed: sun.se ...

  6. 抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法

    抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法 原因是https证书问题, ...

  7. 解决PKIX path building failed

    起因 上周在生产环境部署时,把安全证书加到k8s-ingress中时发现报该错误 解决 找网上解决方案,因为这种问题相对比较少见,也没百度,直接谷歌,找到解决方案如下:https://stackove ...

  8. 解决PKIX path building failed的问题

    Java在请求某些不受信任的https网站时会报:PKIX path building failed 解决方法一:使用keytool手动导入证书,为JRE环境导入信任证书 参考:http://www. ...

  9. 从头解决PKIX path building failed

    从头解决PKIX path building failed的问题 本篇涉及到PKIX path building failed的原因和解决办法(包括暂时解决和长效解决的方法),也包括HTTP和HTTP ...

随机推荐

  1. 通过ApplicationContextAwareSpring实现手工加载配置的javabean

    在做一个多线程的数据采集器实现的过程中,由于框架是集成srping,因此希望统一使用原有的数据库配置信息,但是需要手工获取数据库配置bean.我们可以通过继承ApplicationContextAwa ...

  2. C#微信公众号开发 -- (七)自定义菜单事件之VIEW及网页(OAuth2.0)授权

    通俗来讲VIEW其实就是我们在C#中常用的a标签,可以直接在自定义菜单URL的属性里面写上需要跳转的链接,也即为单纯的跳转. 但更多的情况下,我们是想通过VIEW来进入指定的页面并进行操作. 举一个简 ...

  3. WebSocket使用教程 - 带完整实例

    http://my.oschina.net/u/1266171/blog/357488 什么是WebSocket?看过html5的同学都知道,WebSocket protocol 是HTML5一种新的 ...

  4. EasyUI中combotree允许多选的时候onSelect事件会重复触发onCheck事件

    aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgEAAADkCAIAAACOkmAuAAAgAElEQVR4nO2dW2wc15nnO0EQBJsdzA

  5. Ajax异步的回调函数执行了多遍

    问题: 在做下拉滚动加载时(类似于qq空间下拉加载),数据向下滚动一次,就会加载一次,即append一下,跟踪js后,发现回调函数执行了多次,导致append将上次的append结果append上了, ...

  6. java内存

    java内存分为四部分: 1).栈区(stacksegment),由编译器自动分配释放,存放函数的参数值和局部变量的值等,具体方法执行结束之后,系统自动释放JVM内存资源: 2).堆区(heapseg ...

  7. iOS开发——音频篇——音效的播放

    一.简单介绍 简单来说,音频可以分为2种 (1)音效 又称“短音频”,通常在程序中的播放时长为1~2秒 在应用程序中起到点缀效果,提升整体用户体验 (2)音乐 比如游戏中的“背景音乐”,一般播放时间较 ...

  8. iOS 设置图片imageView圆角——对图片进行裁剪

    以前设置图片圆角总是把imageView设置成圆形,然后设置maskToBounds为YES,其实这样处理很消耗性能,图片多了之后比较卡,最好将图片进行裁剪后显示:这里有个分类可以用: UIImage ...

  9. c++ primer复习(五):类

    一:基本内容 1 类 数据成员:用于存储与类对象相关联的状态 成员函数:对数据成员进行操作 类将接口与实现分离,接口指定了类支持的操作,操作的具体实现细节是类的设计者才需要了解 2 类成员 类成员可以 ...

  10. (转) IOS用CGContextRef画各种图形(文字、圆、直线、弧线、矩形、扇形、椭圆、三角形、圆角矩形、贝塞尔曲线、图片)

    首先了解一下CGContextRef: An opaque type that represents a Quartz 2D drawing environment. Graphics Context ...