国产无码综合区,色欲AV无码国产永久播放,无码天堂亚洲国产AV,国产日韩欧美女同一区二区

解決 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin

2年前作者：霸氣del分類：Toy博客閱讀(45)違法舉報

這篇具有很好參考價值的文章主要介紹了解決 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin。希望對大家有所幫助。如果存在錯誤或未考慮完全的地方，請大家不吝賜教，您也可以點擊"舉報違法"按鈕提交疑問。

接口訪問https的網(wǎng)址時，報以下錯誤：

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

原因：

JAVA的證書庫里已經(jīng)帶了startssl ca證書，而nginx默認不帶startssl ca證書，這樣JAVA端訪問nginx為容器的https url校驗就會失敗，jetty默認帶startssl ca證書，所以正常。
PS：后來對windows和mac下java訪問https也做了測試，發(fā)現(xiàn)mac上的jdk缺省不帶startssl ca證書所以能訪問通過，而加上startssl ca證書后同android一樣訪問不通過。而windows上的jdk缺省帶startssl ca證書同android一樣訪問失敗。

解決辦法：

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
import java.io.*;
import java.net.URL;
 
import java.security.*;
import java.security.cert.*;
 
import javax.net.ssl.*;
 
public class InstallCert {
 
    public static void main(String[] args) throws Exception {
    String host;
    int port;
    char[] passphrase;
    if ((args.length == 1) || (args.length == 2)) {
        String[] c = args[0].split(":");
        host = c[0];
        port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
        String p = (args.length == 1) ? "changeit" : args[1];
        passphrase = p.toCharArray();
    } else {
        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
        return;
    }
 
    File file = new File("jssecacerts");
    if (file.isFile() == false) {
        char SEP = File.separatorChar;
        File dir = new File(System.getProperty("java.home") + SEP
            + "lib" + SEP + "security");
        file = new File(dir, "jssecacerts");
        if (file.isFile() == false) {
        file = new File(dir, "cacerts");
        }
    }
    System.out.println("Loading KeyStore " + file + "...");
    InputStream in = new FileInputStream(file);
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(in, passphrase);
    in.close();
 
    SSLContext context = SSLContext.getInstance("TLS");
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
    SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
    context.init(null, new TrustManager[] {tm}, null);
    SSLSocketFactory factory = context.getSocketFactory();
 
    System.out.println("Opening connection to " + host + ":" + port + "...");
    SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
    socket.setSoTimeout(10000);
    try {
        System.out.println("Starting SSL handshake...");
        socket.startHandshake();
        socket.close();
        System.out.println();
        System.out.println("No errors, certificate is already trusted");
    } catch (SSLException e) {
        System.out.println();
        e.printStackTrace(System.out);
    }
 
    X509Certificate[] chain = tm.chain;
    if (chain == null) {
        System.out.println("Could not obtain server certificate chain");
        return;
    }
 
    BufferedReader reader =
        new BufferedReader(new InputStreamReader(System.in));
 
    System.out.println();
    System.out.println("Server sent " + chain.length + " certificate(s):");
    System.out.println();
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    MessageDigest md5 = MessageDigest.getInstance("MD5");
    for (int i = 0; i < chain.length; i++) {
        X509Certificate cert = chain[i];
        System.out.println
            (" " + (i + 1) + " Subject " + cert.getSubjectDN());
        System.out.println("   Issuer  " + cert.getIssuerDN());
        sha1.update(cert.getEncoded());
        System.out.println("   sha1    " + toHexString(sha1.digest()));
        md5.update(cert.getEncoded());
        System.out.println("   md5     " + toHexString(md5.digest()));
        System.out.println();
    }
 
    System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
    String line = reader.readLine().trim();
    int k;
    try {
        k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
    } catch (NumberFormatException e) {
        System.out.println("KeyStore not changed");
        return;
    }
 
    X509Certificate cert = chain[k];
    String alias = host + "-" + (k + 1);
    ks.setCertificateEntry(alias, cert);
 
    OutputStream out = new FileOutputStream("jssecacerts");
    ks.store(out, passphrase);
    out.close();
 
    System.out.println();
    System.out.println(cert);
    System.out.println();
    System.out.println
        ("Added certificate to keystore 'jssecacerts' using alias '"
        + alias + "'");
    }
 
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
 
    private static String toHexString(byte[] bytes) {
    StringBuilder sb = new StringBuilder(bytes.length * 3);
    for (int b : bytes) {
        b &= 0xff;
        sb.append(HEXDIGITS[b >> 4]);
        sb.append(HEXDIGITS[b & 15]);
        sb.append(' ');
    }
    return sb.toString();
    }
 
    private static class SavingTrustManager implements X509TrustManager {
 
    private final X509TrustManager tm;
    private X509Certificate[] chain;
 
    SavingTrustManager(X509TrustManager tm) {
        this.tm = tm;
    }
 
    public X509Certificate[] getAcceptedIssuers() {
        throw new UnsupportedOperationException();
    }
 
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw new UnsupportedOperationException();
    }
 
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        this.chain = chain;
        tm.checkServerTrusted(chain, authType);
    }
    }
 
}

把上面這段代碼copy出來，什么都不要改，包括package名，沒有就不要加了，我是放到桌面上新建了一個跟類名相同的.java文件，然后用命令行
編譯：

javac InstallCert.java

運行：

java InstallCert domain.company.com.cn

會生成一個jssecacerts的文件,會看到如下信息：

java InstallCert ecc.fedora.redhat.com
Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts...
Opening connection to ecc.fedora.redhat.com:443...
Starting SSL handshake...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 13 more
Server sent 2 certificate(s):
1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7 
   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54
2 Subject CN=Certificate Shack, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6 
   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68
Enter certificate to add to trusted keystore or 'q' to quit: [1]

輸入1，然后直接回車，會在相應(yīng)的目錄下產(chǎn)生一個名為‘jssecacerts’的證書。將證書copy到$JAVA_HOME/jre/lib/security目錄下，或者通過以下方式查看javahome的路徑：

java -verbose

最后一行就是jdk的安裝路徑
解決 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin,ssl,.net,https 文章來源地址http://www.zghlxwxcb.cn/news/detail-610659.html

到了這里，關(guān)于解決 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin的文章就介紹完了。如果您還想了解更多內(nèi)容，請在右上角搜索TOY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！

本文來自互聯(lián)網(wǎng)用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務(wù)，不擁有所有權(quán)，不承擔(dān)相關(guān)法律責(zé)任。如若轉(zhuǎn)載，請注明出處：如若內(nèi)容造成侵權(quán)/違法違規(guī)/事實不符，請點擊違法舉報進行投訴反饋，一經(jīng)查實，立即刪除！

分享到：

領(lǐng)支付寶紅包贊助服務(wù)器費用

請求https報錯證書校驗失?。╦avax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX
項目中請求第三方https的URL，報錯ssl證書校驗失敗 ssl校驗失敗有兩種可能，一種是服務(wù)端ssl證書配置錯誤，一種是客戶端請求的是非信任的https地址，客戶端不信任該https的ssl證書。懷疑是使用了自簽名證書，非各大廠提供簽名證書該問題有兩種請求方案手動下載ssl證書（
2024年02月03日
瀏覽(43)
sun.security.validator.ValidatorException: PKIXpath building failed: sun.security.provider,javax.net
報錯信息：問題描述：在java代碼中調(diào)用其他項目接口，發(fā)起的是https請求。報錯信息說找不到有效證書路徑。問題解決：信任所有SSL證書 1、新建一個SslUtil類 2、在HttpUtil工具類中修改代碼忽略HTTPS請求的SSL證書代碼，必須在openConnection之前調(diào)用解決方案參考文章https://de
2024年02月08日
瀏覽(16)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateNotYetValidException:
生命就像人家的魔法書，涂涂改改又是一年?? 原因解決辦法完整報錯：在執(zhí)行sqoop腳本導(dǎo)數(shù)據(jù)的時候出現(xiàn) Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateNotYetValidException: NotBefore: Tue Oct 11 17:24:18 CST 2022 報錯，證書不合法，解決辦法是jdbc連接MySQL時不使用ssl協(xié)議，
2024年02月15日
瀏覽(58)
Macos jdk ssl javax.net.ssl.SSLHandshakeException完美解決
報了這么一個錯誤 javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake 網(wǎng)上一大把，測試不能用，谷歌了一下，發(fā)現(xiàn)少配置了一個環(huán)境變量。 System.setProperty(\\\"jdk.tls.useExtendedMasterSecret\\\", \\\"false\\\");//設(shè)置環(huán)境變量 /Library/Java/JavaVirtualMachines/zulu-8.jdk/Contents/Home/jre/lib/security/java.se
2024年02月13日
瀏覽(25)
解決遠程調(diào)用三方接口：javax.net.ssl.SSLHandshakeException報錯
最近在對接騰訊會議API接口，在鑒權(quán)完成后開始調(diào)用對方的接口，在此過程中出現(xiàn)調(diào)用報錯：javax.net.ssl.SSLHandshakeException。當你在進行https請求時，JDK中不存在三方服務(wù)的信任證書，導(dǎo)致出現(xiàn)錯誤javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX路徑構(gòu)建失敗。
2024年02月13日
瀏覽(29)
已解決javax.net.ssl.SSLHandshakeException: SSL握手異常的正確解決方法，親測有效?。?！
已解決javax.net.ssl.SSLHandshakeException: SSL握手異常的正確解決方法，親測有效?。。?目錄問題分析場景描述報錯原因解決思路解決方法總結(jié) ?博主v：XiaoMing_Java 在開發(fā)涉及HTTPS通信的Java應(yīng)用時， javax.net.ssl.SSLHandshakeException 是一個常見的問題，它發(fā)生在客戶端與服務(wù)器嘗試建
2024年04月12日
瀏覽(20)
解決報錯：javax.net.ssl.SSLHandshakeException: No appropriate protocol
使用對象存儲進行文件上傳時報錯注：該問題只要需要用到http的都有可能出現(xiàn)，不是只針對對象存儲 jdk 的 java.security 文件存在配置問題 1、查看當前服務(wù)器使用的 jdk 版本命令： java -version 2、查看該jdk的安裝目錄命令： find / -name java.security 這里選擇通過搜索 java.security 來
2024年01月24日
瀏覽(23)
javax.net.ssl.SSLHandshakeException No appropriate protocol報錯解決方案
用java開發(fā)了一個簡單的***發(fā)送郵件***的程序，本地運行正常，但是上傳到服務(wù)器就出現(xiàn)報錯：方案一 [原文參考地址](javax.net.ssl.SSLHandshakeException: No appropriate protocol報錯解決_藍緣的博客-CSDN博客) ? 1、找到j(luò)dk目錄/jre/lib/security/java.security，去掉jdk.tls.disabledAlgorithm中的SSLv3、T
2023年04月15日
瀏覽(21)
javax.net.ssl.SSLHandshakeException
解決辦法升級jdk版本或者修改jdk文件 1、對于服務(wù)器來說要支持域名并且不進行ssl證書校驗，需要升級到j(luò)dk1.8的201版本及以上 2、修改…JavaJDKjrelibsecurity目錄下java.security文件，添加下面語句到文件內(nèi)容中
2024年02月11日
瀏覽(21)
https請求報錯:javax.net.ssl.SSLHandshakeException:Received fatal alert: unrecognized_name 的解決過程
提示：本地調(diào)試正常：項目場景：部署到WebSphere服務(wù)器上就會報上述錯誤; 一度認為是WebSphere服務(wù)器上的配置有問題,經(jīng)過多次償試,最終解決問題發(fā)現(xiàn)和服務(wù)配置無關(guān); 測試環(huán)境使用HttpClient發(fā)送https請求下載附件時報錯: 提示：項目地址是http,需要訪問的地址是https：因為訪問
2024年02月05日
瀏覽(35)

<thead id="aycaw"><div id="aycaw"><td id="aycaw"></td></div></thead>

<kbd id="aycaw"></kbd>