今天,封装HttpClient使用ssl时报一下错误:

  1. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  2. 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  3. 	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
  4. 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
  5. 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
  6. ...
  7. Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  8. 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
  9. 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
  10. 	at sun.security.validator.Validator.validate(Validator.java:260)
  11. 	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
  12. 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

在参考了图解https协议之后,发现这个报错应该就是在客户端“validate crt”的过程中,所以正常的解决思路应该想办法将服务器的证书写入到客户端。

后来在oracle的一篇博客中找到一下的解决方式:

关键步骤:

  1. % java InstallCert _web_site_hostname_
  3. 显示相关的证书信息
  5. 此时输入'q' 则为'退出', '1' 则将添加CA证书。
  7. 将新生成的 "jssecacerts" 移到"$JAVA_HOME/jre/lib/security"

注意:添加CA证书的行为,新生成的jssecacerts则是与旧的jssecacerts叠加的后产生的文件,旧的jssecacerts查找方式如代码所示:

  1. File file = new File("jssecacerts");
  2. if (file.isFile() == false) {
  3.     char SEP = File.separatorChar;
  4.     File dir = new File(System.getProperty("java.home") + SEP + "lib"
  5.             + SEP + "security");
  6.     file = new File(dir, "jssecacerts");
  7.     if (file.isFile() == false) {
  8.         file = new File(dir, "cacerts");
  9.     }
  10. }

有点遗憾的是博客中InstallCert下载链接已经失效了。需要异步到github进行下载

代码也留一份到此处:

  1. /*
  2.  * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
  3.  *
  4.  * Redistribution and use in source and binary forms, with or without
  5.  * modification, are permitted provided that the following conditions
  6.  * are met:
  7.  *
  8.  *   - Redistributions of source code must retain the above copyright
  9.  *     notice, this list of conditions and the following disclaimer.
  10.  *
  11.  *   - Redistributions in binary form must reproduce the above copyright
  12.  *     notice, this list of conditions and the following disclaimer in the
  13.  *     documentation and/or other materials provided with the distribution.
  14.  *
  15.  *   - Neither the name of Sun Microsystems nor the names of its
  16.  *     contributors may be used to endorse or promote products derived
  17.  *     from this software without specific prior written permission.
  18.  *
  19.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  20.  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  21.  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  22.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  23.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  24.  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  25.  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  26.  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  27.  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  28.  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  29.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30.  */
  31. /**
  32.  * Originally from:
  33.  * http://blogs.sun.com/andreas/resource/InstallCert.java
  34.  * Use:
  35.  * java InstallCert hostname
  36.  * Example:
  37.  *% java InstallCert ecc.fedora.redhat.com
  38.  */
  40. import javax.net.ssl.*;
  41. import java.io.*;
  42. import java.security.KeyStore;
  43. import java.security.MessageDigest;
  44. import java.security.cert.CertificateException;
  45. import java.security.cert.X509Certificate;
  47. /**
  48.  * Class used to add the server's certificate to the KeyStore
  49.  * with your trusted certificates.
  50.  */
  51. public class InstallCert {
  53.     public static void main(String[] args) throws Exception {
  54.         String host;
  55.         int port;
  56.         char[] passphrase;
  57.         if ((args.length == 1) || (args.length == 2)) {
  58.             String[] c = args[0].split(":");
  59.             host = c[0];
  60.             port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
  61.             String p = (args.length == 1) ? "changeit" : args[1];
  62.             passphrase = p.toCharArray();
  63.         } else {
  64.             System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
  65.             return;
  66.         }
  68.         File file = new File("jssecacerts");
  69.         if (file.isFile() == false) {
  70.             char SEP = File.separatorChar;
  71.             File dir = new File(System.getProperty("java.home") + SEP
  72.                     + "lib" + SEP + "security");
  73.             file = new File(dir, "jssecacerts");
  74.             if (file.isFile() == false) {
  75.                 file = new File(dir, "cacerts");
  76.             }
  77.         }
  78.         System.out.println("Loading KeyStore " + file + "...");
  79.         InputStream in = new FileInputStream(file);
  80.         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  81.         ks.load(in, passphrase);
  82.         in.close();
  84.         SSLContext context = SSLContext.getInstance("TLS");
  85.         TrustManagerFactory tmf =
  86.                 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  87.         tmf.init(ks);
  88.         X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
  89.         SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
  90.         context.init(null, new TrustManager[]{tm}, null);
  91.         SSLSocketFactory factory = context.getSocketFactory();
  93.         System.out.println("Opening connection to " + host + ":" + port + "...");
  94.         SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
  95.         socket.setSoTimeout(10000);
  96.         try {
  97.             System.out.println("Starting SSL handshake...");
  98.             socket.startHandshake();
  99.             socket.close();
  100.             System.out.println();
  101.             System.out.println("No errors, certificate is already trusted");
  102.         } catch (SSLException e) {
  103.             System.out.println();
  104.             e.printStackTrace(System.out);
  105.         }
  107.         X509Certificate[] chain = tm.chain;
  108.         if (chain == null) {
  109.             System.out.println("Could not obtain server certificate chain");
  110.             return;
  111.         }
  113.         BufferedReader reader =
  114.                 new BufferedReader(new InputStreamReader(System.in));
  116.         System.out.println();
  117.         System.out.println("Server sent " + chain.length + " certificate(s):");
  118.         System.out.println();
  119.         MessageDigest sha1 = MessageDigest.getInstance("SHA1");
  120.         MessageDigest md5 = MessageDigest.getInstance("MD5");
  121.         for (int i = 0; i < chain.length; i++) {
  122.             X509Certificate cert = chain[i];
  123.             System.out.println
  124.                     (" " + (i + 1) + " Subject " + cert.getSubjectDN());
  125.             System.out.println("   Issuer  " + cert.getIssuerDN());
  126.             sha1.update(cert.getEncoded());
  127.             System.out.println("   sha1    " + toHexString(sha1.digest()));
  128.             md5.update(cert.getEncoded());
  129.             System.out.println("   md5     " + toHexString(md5.digest()));
  130.             System.out.println();
  131.         }
  133.         System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
  134.         String line = reader.readLine().trim();
  135.         int k;
  136.         try {
  137.             k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
  138.         } catch (NumberFormatException e) {
  139.             System.out.println("KeyStore not changed");
  140.             return;
  141.         }
  143.         X509Certificate cert = chain[k];
  144.         String alias = host + "-" + (k + 1);
  145.         ks.setCertificateEntry(alias, cert);
  147.         OutputStream out = new FileOutputStream("jssecacerts");
  148.         ks.store(out, passphrase);
  149.         out.close();
  151.         System.out.println();
  152.         System.out.println(cert);
  153.         System.out.println();
  154.         System.out.println
  155.                 ("Added certificate to keystore 'jssecacerts' using alias '"
  156.                         + alias + "'");
  157.     }
  159.     private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
  161.     private static String toHexString(byte[] bytes) {
  162.         StringBuilder sb = new StringBuilder(bytes.length * 3);
  163.         for (int b : bytes) {
  164.             b &= 0xff;
  165.             sb.append(HEXDIGITS[b >> 4]);
  166.             sb.append(HEXDIGITS[b & 15]);
  167.             sb.append(' ');
  168.         }
  169.         return sb.toString();
  170.     }
  172.     private static class SavingTrustManager implements X509TrustManager {
  174.         private final X509TrustManager tm;
  175.         private X509Certificate[] chain;
  177.         SavingTrustManager(X509TrustManager tm) {
  178.             this.tm = tm;
  179.         }
  181.         public X509Certificate[] getAcceptedIssuers() {
  183. 	    /**
  184. 	     * This change has been done due to the following resolution advised for Java 1.7+
  185. 		http://infposs.blogspot.kr/2013/06/installcert-and-java-7.html
  186.        	     **/ 
  188. 	    return new X509Certificate[0];
  189.             //throw new UnsupportedOperationException();
  190.         }
  192.         public void checkClientTrusted(X509Certificate[] chain, String authType)
  193.                 throws CertificateException {
  194.             throw new UnsupportedOperationException();
  195.         }
  197.         public void checkServerTrusted(X509Certificate[] chain, String authType)
  198.                 throws CertificateException {
  199.             this.chain = chain;
  200.             tm.checkServerTrusted(chain, authType);
  201.         }
  202.     }
  203. }

解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"的更多相关文章

  1. java程序中访问https时,报 PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    在java中使用https访问数据时报异常: Caused by: sun.security.validator.ValidatorException: PKIX path building fail ...

  2. Maven:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    还是记录使用 maven 时遇到的问题. 一.maven报错 maven package 进行打包时出现了以下报错: Non-resolvable parent POM for com.wpbxin: ...

  3. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    注:网上搜来的快照,暂未验证 在java代码中请求https链接的时候,可能会报下面这个错误javax.net.ssl.SSLHandshakeException: sun.security.vali ...

  4. Flutter配置环境报错“PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

    背景:最近看了很多Flutter漂亮的项目,想要尝试一下.所有环境都搭建好之后,按照文档一步一步配置(抄袭),但始终报如下图错误. PKIX path building failed: sun.sec ...

  5. mvn 编译报错mavn sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targ

    mavn 编译报错: mavn sun.security.validator.ValidatorException: PKIX path building failed: sun.security.p ...

  6. 报错PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天在调用第三方HTTPS接口的时候,一直显示这个报错,然后百度很久,有2种解决方法,一个是说自己手动去导入,第二种用代码忽略证书验证.我用二种方式, 复制即用, public void test2( ...

  7. maven PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path

    maven编译的时候遇到的奇葩问题,  非常奇葩, 所有其他同事都没有遇到 , 仅仅是我遇到了 不清楚是因为用了最新的JDK的缘故(1.8 update91)还是其他什么原因. 总之是证书的问题. 当 ...

  8. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    httpclient-4.5.jar 定时发送http包,忽然有一天报错,http证书变更引起的. 之前的代码 try { CloseableHttpClient httpClient = build ...

  9. ES访问遇到sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    cmd命令cd到jre/bin目录下 输入命令keytool -import -alias 别名 -keystore cacerts -file ‪C://certs//elasticsearch// ...

随机推荐

  1. Webform server.transfer 用法

    server.transfer 特点: 1:大家熟悉的一个特点,用server.transfer 跳转到新页面时,浏览器的地址是没有改变的(因为重定向完全在服务器端进行,浏览器根本不知道服务器已经执行 ...

  2. CSS中LI圆点样式li {list-style-type:符号名称}

    css中用list-style-type指定列表(lists)前面符号,如下: li {list-style-type:符号名称} 符号名称可用的值为: disc : CSS1 实心圆 circle ...

  3. UIPickerView滚轮选择器视图

    //必须实现两个协议 //数据源协议必须实现的两个方法 //选取器的输出借口singlePicker,并在故事版中选择该选取器将dataSource和delegate拖入视图控制器与之关联 //@pr ...

  4. Linux操作系统备份之三:通过二进制拷贝(dd)方式实现Linux操作系统数据的备份

    前面有两篇文章,<Linux操作系统备份之一:使用LVM快照实现Linux操作系统数据的在线备份>和<Linux操作系统备份之二:通过tar拷贝分区实现Linux操作数据的在线备份& ...

  5. 夺命雷公狗-----React_native---5---初步读懂代码模式

    我们的代码一般导出会用两种方式,如下所示: 这两种方法都是可以的.... 引入方式其实也是很简单的,如下所示: 这样即可...

  6. 移动设备如何打开RMS加密的文档

    关键字:RMS. AZure RMS.IPhone.Android.Office365.Sharepoint.Exchange 最近总是碰到要求用苹果手机及安卓手机阅读RMS加密文档的需求,经过查找相 ...

  7. window10 安装SVN 提示权限问题

     http://www.yishimei.cn/network/551.html 经常在网上看到有同学反映,他们在控制面板里卸载软件的时候,总是会出现2502.2503错误代码的问题,并且这个问题大多 ...

  8. Dynamics AX 2012 R2 AIF 内部异常 output session was auto-closes

    今天调用AIF出现异常,异常信息如下 This chanel can no longer be used to send message as the output session was auto- ...

  9. Linux:-拷贝或传送文件的技巧

    <---拷贝目录如何做到排除文件?常用命令cp,用法比较LOW---> tar -cf - ./* --exclude="nohup.out" | (cd /opt/ ...

  10. Linux中profile、bashrc、bash_profile之间的区别和联系

    /etc/profile:此文件为系统的每个用户设置环境信息,当用户第一次登录时,该文件被执行.并从/etc/profile.d目录的配置文件中搜集shell的设置. 英文描述为: # /etc/pr ...