呼叫https介面時報錯:PKIX path building failed 的問題
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
這是缺少安全證照時出現的異常,解決方案就是將你要訪問的webservice的安全認證證照匯入到客戶端即可。以下是獲取安全證照的一種方法
1,寫一個程式專門獲取安全證照,參考InstallCert.java:
/* * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * - Neither the name of Sun Microsystems nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ import java.io.*; import java.net.URL; import java.security.*; import java.security.cert.*; import javax.net.ssl.*; public class InstallCert { public static void main(String[] args) throws Exception { String host; int port; char[] passphrase; if ((args.length == 1) || (args.length == 2)) { String[] c = args[0].split(":"); host = c[0]; port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); String p = (args.length == 1) ? "changeit" : args[1]; passphrase = p.toCharArray(); } else { System.out.println("Usage: java InstallCert <host>[:port] [passphrase]"); return; } File file = new File("jssecacerts"); if (file.isFile() == false) { char SEP = File.separatorChar; File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); file = new File(dir, "jssecacerts"); if (file.isFile() == false) { file = new File(dir, "cacerts"); } } System.out.println("Loading KeyStore " + file + "..."); InputStream in = new FileInputStream(file); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(in, passphrase); in.close(); SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[] {tm}, null); SSLSocketFactory factory = context.getSocketFactory(); System.out.println("Opening connection to " + host + ":" + port + "..."); SSLSocket socket = (SSLSocket)factory.createSocket(host, port); socket.setSoTimeout(10000); try { System.out.println("Starting SSL handshake..."); socket.startHandshake(); socket.close(); System.out.println(); System.out.println("No errors, certificate is already trusted"); } catch (SSLException e) { System.out.println(); e.printStackTrace(System.out); } X509Certificate[] chain = tm.chain; if (chain == null) { System.out.println("Could not obtain server certificate chain"); return; } BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); System.out.println(); System.out.println("Server sent " + chain.length + " certificate(s):"); System.out.println(); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; System.out.println (" " + (i + 1) + " Subject " + cert.getSubjectDN()); System.out.println(" Issuer " + cert.getIssuerDN()); sha1.update(cert.getEncoded()); System.out.println(" sha1 " + toHexString(sha1.digest())); md5.update(cert.getEncoded()); System.out.println(" md5 " + toHexString(md5.digest())); System.out.println(); } System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); String line = reader.readLine().trim(); int k; try { k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; } catch (NumberFormatException e) { System.out.println("KeyStore not changed"); return; } X509Certificate cert = chain[k]; String alias = host + "-" + (k + 1); ks.setCertificateEntry(alias, cert); OutputStream out = new FileOutputStream("jssecacerts"); ks.store(out, passphrase); out.close(); System.out.println(); System.out.println(cert); System.out.println(); System.out.println ("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'"); } private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); private static String toHexString(byte[] bytes) { StringBuilder sb = new StringBuilder(bytes.length * 3); for (int b : bytes) { b &= 0xff; sb.append(HEXDIGITS[b >> 4]); sb.append(HEXDIGITS[b & 15]); sb.append(' '); } return sb.toString(); } private static class SavingTrustManager implements X509TrustManager { private final X509TrustManager tm; private X509Certificate[] chain; SavingTrustManager(X509TrustManager tm) { this.tm = tm; } public X509Certificate[] getAcceptedIssuers() { throw new UnsupportedOperationException(); } public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { throw new UnsupportedOperationException(); } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { this.chain = chain; tm.checkServerTrusted(chain, authType); } } }
2.執行 java InstallCert hostname 比如
java InstallCert ecc.fedora.redhat.com
會看到如下資訊:
java InstallCert ecc.fedora.redhat.com Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts... Opening connection to ecc.fedora.redhat.com:443... Starting SSL handshake... javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) at InstallCert.main(InstallCert.java:63) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839) ... 7 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 13 more Server sent 2 certificate(s): 1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US Issuer CN=Certificate Shack, O=example.com, C=US sha1 2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7 md5 dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54 2 Subject CN=Certificate Shack, O=example.com, C=US Issuer CN=Certificate Shack, O=example.com, C=US sha1 fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6 md5 72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68 Enter certificate to add to trusted keystore or 'q' to quit: [1]
3.輸入1,然後直接回車,會在相應的目錄下產生一個名為‘jssecacerts’的證照。將證照copy到$JAVA_HOME/jre/lib/security目錄下,或者通過以下方式
System.setProperty("javax.net.ssl.trustStore", "D:\\UTA\\DOC_E_Health_XML\\Keystore\\jssecacerts");
注意:要重新啟動你的應用伺服器,因是靜態載入,證照才能被運用上。
相關文章
- 請求https介面時報錯:Caused by SSLError(SSLError(1, u‘[SSL: CERTIFICATE_VERIFY_FAILED] certificat,安裝certifiHTTPErrorAI
- 呼叫微信介面token的問題
- RedisTemplate呼叫increment報錯問題RedisREM
- IDEA啟動時報Failed to create JVM錯誤的解決IdeaAIJVM
- 關於使用toFixed()函式時報錯”toFixed() is not a function”的問題函式Function
- 解決fastjson反序列化時報錯的問題ASTJSON
- ubuntu gedit出錯:Failed to connect to the session manager的問題UbuntuAISession
- Building the main Guest Additions module [FAILED]UIAI
- 【FAQ】呼叫應用內購買SDK時報錯,如何用tag對問題進行排查和分析
- this問題 以及 webstorm 除錯介面WebORM除錯
- 用 Httprunner3 做介面測試遇到了問題,.with_json 的引數是列表時報錯HTTPJSON
- vue init webpack my-project指令時報錯問題(一)VueWebProject
- VUE 呼叫 flask 介面,解決跨域問題VueFlask跨域
- 跪問:java編譯時報錯Java編譯
- 跪問:java編譯時報錯!!!Java編譯
- ssh到圖形介面時報:X11 forwarding request failed on channel 0ForwardAI
- 呼叫HMS SDK介面報錯6004
- MSN messenger登入時報防火牆設定錯誤問題Messenger防火牆
- centos6.5報錯:checking filesystems failed問題處理CentOSAI
- 通過DBCA裝庫時報錯 ORA-21561: OID generation failedAI
- Ocrconfig時報PROT-1 Failed to initialize ocrconfig,PROT-16: Internal Error的問題解決AIError
- set autotrace on時報SP2-0618錯誤的問題解決案例
- 關於 NPM run dev 時報錯,提示 cross-env not found 的問題的小結NPMdevROS
- 解決direct path read 與 direct path write問題
- command 'gcc' failed with exit status 1錯誤問題的解決辦法GCAI
- Eclipse中一直building workspace...的問題EclipseUI
- SDWebImage 載入https報錯 無法載入問題WebHTTP
- 發現 postman 自動生成介面呼叫程式碼的一個問題Postman
- 呼叫HMS SDK介面報錯6003
- 關於非同步介面呼叫的疑問?非同步
- chorme訪問https的一個報錯ORMHTTP
- Tomcat https問題TomcatHTTP
- oracle呼叫外部程式時報:ora-28575以及ora-28546錯誤Oracle
- 使用@FeignClient中的fallback屬性處理介面呼叫異常問題client
- 解決使用mitmprox抓包可以訪問網頁,但是使用python request 呼叫該網站介面報錯問題MIT網頁Python網站
- Doris建立表報錯Failed to find enough host with storage medium問題解決AI
- 深度學習問題記錄:Building your Deep Neural深度學習UI
- 函式呼叫棧的問題函式