一,首先,解决unable to find valid certification path to requested target的问题。

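其实就是要生成证书文件, 让tomcat读取证书。下面的InstallCert会连接目标主机, 打印服务器发来的证书链及其指纹, 并把选中的证书写入当前目录下的jssecacerts。导入之前应通过其他可信渠道核对指纹, 因为此时的连接本身还没有通过验证。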

  1. import java.io.BufferedReader;
  2. import java.io.File;
  3. import java.io.FileInputStream;
  4. import java.io.FileOutputStream;
  5. import java.io.InputStream;
  6. import java.io.InputStreamReader;
  7. import java.io.OutputStream;
  8. import java.security.KeyStore;
  9. import java.security.MessageDigest;
  10. import java.security.cert.CertificateException;
  11. import java.security.cert.X509Certificate;
  12.  
  13. import javax.net.ssl.SSLContext;
  14. import javax.net.ssl.SSLException;
  15. import javax.net.ssl.SSLSocket;
  16. import javax.net.ssl.SSLSocketFactory;
  17. import javax.net.ssl.TrustManager;
  18. import javax.net.ssl.TrustManagerFactory;
  19. import javax.net.ssl.X509TrustManager;
  20.  
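  /**
   * Command-line helper that connects to a TLS server, prints the certificate chain the server
   * presents, and stores one operator-selected certificate in a local {@code jssecacerts} file.
   *
   * <p>Usage: {@code java InstallCert <host>[:port] [passphrase]}. The port defaults to 443 and the
   * keystore passphrase to {@code changeit}.
   *
   * <p>Security note: the chain is captured from a handshake that has not been validated, so the
   * selected certificate is trusted purely on the operator's decision. The printed fingerprints
   * are the only means this tool offers for comparing the certificate with a value obtained
   * through an independent channel.
   */
  public class InstallCert {

    /**
     * Loads the existing trust store, attempts a handshake with the target, lists the presented
     * chain and, after confirmation on standard input, writes the chosen certificate to
     * {@code jssecacerts} in the current working directory.
     *
     * @param args {@code <host>[:port]} and an optional keystore passphrase
     * @throws Exception on keystore, I/O or non-SSL network failures
     */
    public static void main(String[] args) throws Exception {
      String host;
      int port;
      char[] passphrase;
      if ((args.length == 1) || (args.length == 2)) {
        String[] c = args[0].split(":");
        host = c[0];
        port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
        String p = (args.length == 1) ? "changeit" : args[1];
        passphrase = p.toCharArray();
      } else {
        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
        return;
      }

      // Lookup order: ./jssecacerts, then <java.home>/lib/security/jssecacerts, then cacerts.
      File file = new File("jssecacerts");
      if (!file.isFile()) {
        char sep = File.separatorChar;
        File dir = new File(System.getProperty("java.home") + sep + "lib" + sep + "security");
        file = new File(dir, "jssecacerts");
        if (!file.isFile()) {
          file = new File(dir, "cacerts");
        }
      }
      System.out.println("Loading KeyStore " + file + "...");
      KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
      InputStream in = new FileInputStream(file);
      try {
        ks.load(in, passphrase);
      } finally {
        // Release the file handle even when the passphrase or the store format is wrong.
        in.close();
      }

      SSLContext context = SSLContext.getInstance("TLS");
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(ks);
      X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
      SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
      context.init(null, new TrustManager[] { tm }, null);
      SSLSocketFactory factory = context.getSocketFactory();

      System.out.println("Opening connection to " + host + ":" + port + "...");
      SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
      try {
        socket.setSoTimeout(10000);
        System.out.println("Starting SSL handshake...");
        socket.startHandshake();
        System.out.println();
        System.out.println("No errors, certificate is already trusted");
      } catch (SSLException e) {
        // Expected when the server is not trusted yet; the chain has still been recorded by tm.
        System.out.println();
        e.printStackTrace(System.out);
      } finally {
        // The original closed the socket only after a successful handshake.
        socket.close();
      }

      X509Certificate[] chain = tm.chain;
      if (chain == null) {
        System.out.println("Could not obtain server certificate chain");
        return;
      }

      BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

      System.out.println();
      System.out.println("Server sent " + chain.length + " certificate(s):");
      System.out.println();
      MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
      MessageDigest sha1 = MessageDigest.getInstance("SHA1");
      MessageDigest md5 = MessageDigest.getInstance("MD5");
      for (int i = 0; i < chain.length; i++) {
        X509Certificate cert = chain[i];
        byte[] encoded = cert.getEncoded();
        System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
        System.out.println(" Issuer " + cert.getIssuerDN());
        // SHA-256 is printed as well so the fingerprint can be compared without relying on
        // SHA-1 or MD5; the two legacy lines are kept for existing users of the output.
        System.out.println(" sha256 " + toHexString(sha256.digest(encoded)));
        System.out.println(" sha1 " + toHexString(sha1.digest(encoded)));
        System.out.println(" md5 " + toHexString(md5.digest(encoded)));
        System.out.println();
      }

      System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
      String line = reader.readLine();
      if (line == null) {
        // Standard input was closed: treat it like 'q' instead of failing with an NPE.
        System.out.println("KeyStore not changed");
        return;
      }
      line = line.trim();
      int k;
      try {
        k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
      } catch (NumberFormatException e) {
        System.out.println("KeyStore not changed");
        return;
      }
      if (k < 0 || k >= chain.length) {
        // A number outside the listed range used to raise ArrayIndexOutOfBoundsException.
        System.out.println("KeyStore not changed");
        return;
      }

      X509Certificate cert = chain[k];
      String alias = host + "-" + (k + 1);
      ks.setCertificateEntry(alias, cert);

      // Always written to ./jssecacerts, whichever store was loaded above.
      OutputStream out = new FileOutputStream("jssecacerts");
      try {
        ks.store(out, passphrase);
      } finally {
        out.close();
      }

      System.out.println();
      System.out.println(cert);
      System.out.println();
      System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Formats bytes as lower-case hex pairs, each pair followed by a single space.
     *
     * @param bytes the bytes to format
     * @return the formatted string, e.g. {@code "0a ff "}
     */
    private static String toHexString(byte[] bytes) {
      StringBuilder sb = new StringBuilder(bytes.length * 3);
      for (int b : bytes) {
        b &= 0xff;
        sb.append(HEXDIGITS[b >> 4]);
        sb.append(HEXDIGITS[b & 15]);
        sb.append(' ');
      }
      return sb.toString();
    }

    /**
     * Trust manager that records the chain presented by the server and then delegates the trust
     * decision to the wrapped manager, so validation is not weakened.
     */
    private static class SavingTrustManager implements X509TrustManager {

      private final X509TrustManager tm;
      private X509Certificate[] chain;

      SavingTrustManager(X509TrustManager tm) {
        this.tm = tm;
      }

      public X509Certificate[] getAcceptedIssuers() {
        // Throwing UnsupportedOperationException here breaks the handshake on newer JSSE
        // releases, which query this method; an empty array advertises no issuers.
        return new X509Certificate[0];
      }

      public void checkClientTrusted(X509Certificate[] chain, String authType)
          throws CertificateException {
        // This tool only ever acts as a TLS client.
        throw new UnsupportedOperationException();
      }

      public void checkServerTrusted(X509Certificate[] chain, String authType)
          throws CertificateException {
        // Record first so the chain is available even when the delegate rejects it.
        this.chain = chain;
        tm.checkServerTrusted(chain, authType);
      }
    }

  }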

  再把证书(上面生成的jssecacerts文件)放到$JAVA_HOME/jre/lib/security目录下

要么就是在浏览器里面打开网站的证书, 导出来上传到服务器上, 然后导入到tomcat默认的cacerts

二,然后, 如果问题未解决出现“Certificate doesn't match any of the subject alternative names”

这时候, 需要改造代码

a. 方案1:使用HttpURLConnection 请求https地址, 例子如下:

  1. import java.net.HttpURLConnection;
  2.  
  /**
   * Opens an HTTP(S) connection to {@code uri} and issues a GET through the JDK's own URL
   * handler.
   *
   * <p>Failures are printed to standard error and not rethrown. Nothing in this method installs
   * a custom trust manager or host-name verifier, so for an https URI the platform defaults
   * presumably remain in effect.
   *
   * @param uri absolute URL to request
   * @return {@code null} when the URL cannot be parsed or opened; otherwise the connection
   *     object, which may be unconnected if a later step failed
   */
  public static HttpURLConnection connectToWeb(String uri) {
    HttpURLConnection conn = null;
    try {
      conn = (HttpURLConnection) new URL(uri).openConnection();
      conn.setRequestMethod("GET");
      conn.connect();
    } catch (IOException failure) {
      // MalformedURLException is an IOException, so one handler covers both original branches.
      failure.printStackTrace();
    }
    return conn;
  }

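b.方案2:使用SSLConnectionSocketFactory,例子如下。注意: 该例子中的TrustStrategy对任何证书链都返回true, 并且用NoopHostnameVerifier关闭了主机名校验, 等于完全不验证服务器身份, 连接可能被中间人截获或篡改, 因此只适合测试环境; 正式环境应加载包含目标服务器证书的信任库, 并保留默认的主机名校验: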

  /**
   * Builds an Apache HttpClient whose TLS layer accepts every server certificate and performs
   * no host-name verification.
   *
   * <p>SECURITY: with both checks disabled the client does not authenticate the server, so the
   * connection is encrypted but open to interception by any party on the network path. A
   * client that must authenticate its peer would load trust material containing the expected
   * certificate and keep the default host-name verifier instead.
   *
   * @return the configured client, or {@code null} when the SSL context cannot be built (the
   *     exception is printed to standard error)
   */
  public static CloseableHttpClient createSSLClientDefault() {
    try {
      // SECURITY: returns true for every chain, so no certificate is ever rejected.
      TrustStrategy acceptEverything = new TrustStrategy() {
        @Override
        public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
          return true;
        }
      };
      SSLContext permissiveContext = new SSLContextBuilder().loadTrustMaterial(null, acceptEverything).build();
      // SECURITY: NoopHostnameVerifier turns host-name verification off (the part the
      // original article highlighted in red).
      SSLConnectionSocketFactory socketFactory =
          new SSLConnectionSocketFactory(permissiveContext, NoopHostnameVerifier.INSTANCE);
      return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
    } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
      e.printStackTrace();
      return null;
    }
  }

  
