問題現(xiàn)象：

Java Spring應(yīng)用發(fā)送數(shù)據(jù)報(bào)如下問題。

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

原因分析:

用httpclient訪問https資源時(shí)，會(huì)出現(xiàn)異常，與環(huán)境也有關(guān)系，有些機(jī)器請(qǐng)求正常。

解決方案:

1.復(fù)制附錄代碼到文本文件中，改名為InstallCert.java。然后在命令行中執(zhí)行命令，編譯InstallCert.java：

javac InstallCert.java

?2.再執(zhí)行以下命令：

java InstallCert www.baidu.com

說明：網(wǎng)址處不需要輸入(https://)信息，比如 www.baidu.com，只需域名即可。

隨后服務(wù)器會(huì)返回認(rèn)證的主題，發(fā)行方，加密方式等信息。

3.在這里輸入1后，回車。

Enter certificate to add to trusted keystore or 'q' to quit: [1]
1

在目錄下會(huì)生成文件jssecacerts，自此認(rèn)證過程結(jié)束。

替換證書：

1.windows系統(tǒng)：將生成的jssecacerts文件復(fù)制到 jdk的相應(yīng)路徑下即可。

windows系統(tǒng)一般需要首先找到j(luò)dk安裝路徑

D:\Java\jdk1.8.0_221\jre\lib\security

2.Linux系統(tǒng)：需要首先使用 scp 命令 將 jssecacerts 傳輸至服務(wù)器。

3.docker：jdk通常在這個(gè)地方

/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/

/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/ (和上面其實(shí)一樣)

替換完后，重啟 docker 即可。

附錄：?

/*

 * Copyright 2006 Sun Microsystems, Inc.? All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *? - Redistributions of source code must retain the above copyright

 *? ? notice, this list of conditions and the following disclaimer.

 *

 *? - Redistributions in binary form must reproduce the above copyright

 *? ? notice, this list of conditions and the following disclaimer in the

 *? ? documentation and/or other materials provided with the distribution.

 *

 *? - Neither the name of Sun Microsystems nor the names of its

 *? ? contributors may be used to endorse or promote products derived

 *? ? from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.? IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out.println("Usage: java InstallCert [:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[]{tm}, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

            System.out.println("? Issuer? " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("? sha1? ? " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("? md5? ? " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }


    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;


        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }


        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }


        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            throw new UnsupportedOperationException();

        }


        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }
    }

}

另詳見：https://blog.csdn.net/chaishen10000/article/details/82992291文章來源地址http://www.zghlxwxcb.cn/news/detail-573584.html

到了這里，關(guān)于解決javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException的文章就介紹完了。如果您還想了解更多內(nèi)容，請(qǐng)?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！