解决PKIX path building failed的问题

最新推荐文章于 2024-03-08 11:15:00 发布
最新推荐文章于 2024-03-08 11:15:00 发布
阅读量4k 收藏 1
点赞数
分类专栏: ca证书 文章标签: ca 证书 ssl webservice

在一次调试中,出现了这个错误: 

[ERROR] http-8080-Processor25 2010-01-20 15:29:28,640 org.jasig.cas.client.validation.Cas20ServiceTicketValidator     - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:58)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:167)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:141)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:137)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:149)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at com.web114.web.filter.UTF8EncoderFilter.doFilter(UTF8EncoderFilter.java:57)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Unknown Source)

这个错误最终定位在这个方法: 

protected final String retrieveResponseFromServer(final URL validationUrl,
final String ticket) {
HttpURLConnection connection = null;
try {
connection = (HttpURLConnection) validationUrl.openConnection();
final BufferedReader in = new BufferedReader(new InputStreamReader(
connection.getInputStream()));


String line;
final StringBuffer stringBuffer = new StringBuffer(255);


synchronized (stringBuffer) {
while ((line = in.readLine()) != null) {
stringBuffer.append(line);
stringBuffer.append("\n");
}
return stringBuffer.toString();
}


} catch (final IOException e) {
log.error(e, e);
return null;
} catch (final Exception e1){
log.error(e1, e1);
return null;
}finally {
if (connection != null) {
connection.disconnect();
}
}
}


后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法: 

trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);


具体的实现是: 

HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                               + session.getPeerHost());
            return true;
        }
    };

private static void trustAllHttpsCertificates() throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext
.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
}


static class miTM implements javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}


public boolean isServerTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}


public boolean isClientTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}


public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}


public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
}



hulua2010
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
解决 sun.security.validator.ValidatorException: PKIX path building failed问题
chao_9836的博客
12-02 4万+
错误信息: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find ...
完美解决Maven:sun.security.validator.ValidatorException: PKIX path building failed
技术宅,专注云原生、Go、Linux、Java等技术分享,原创文章、效率工具、实战解决方案!关注我,了解互联网动态,学 IT 不迷路
05-03 3万+
Maven:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
分析解决 PKIX path building failed问题
最新发布
rainyspring4540的专栏
03-08 1482
现象和我的完全一样,解决方式的流程上也没问题,最后也解决了我的问题。阅读下文前,先看完并熟悉上面的文章,如果您的过程非常顺利,后面文请无视。
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath
振华OPPO的博客世界
11-30 9122
由于JVM默认信任证书不包含该目标网站的SSL证书,导致无法建立有效的信任链接。所以我们将原先的google()和jcenter()仓库替换为国内的仓库。然后重新Sync项目,成功开始下载依赖。
最全解决 PKIX问题方案:sun.security.validator.ValidatorException: PKIX path building failed:
qq_43163943的博客
11-04 5万+
这个问题的根本原因是你安装JDK时,Java\jar 1.8.0_141\lib\ext\里面缺少了一个安全凭证jssecacerts证书文件,通过运行下面类可以生成证书,将生成的证书放在Java\jar 1.8.0_141\lib\ext\这个目录下,重启编译器就可以解决。 我只能说这个方法应该是解决大部分的问题吧,对于我电脑这种顽强的bug,需要通过两种方法的结合才可以从根本上解决这个问题,废话不多说,看我的解决步骤。 1、先检查你的jdk...
sun.security.validator.ValidatorException: PKIX path building failed
贾世鑫的博客
09-14 4889
PKIX的全称为Public-Key Infrastructure (X.509),通过wiki百科我们可以知道X.509是一种证书的标准,这种标准用在很多网络协议,比如TLS/SSL。而TLS/SSL是HTTPS协议的标准(HTTPS比HTTP多的部分就在于TLS/SSL)。 通俗的讲,PKIX path building failed 出现的原因是因为自己的Java环境没有相关网站的证书而导致的。解决问题的思路是要么添加证书要么选择忽略证书校验,本文分别介绍okhttp,curl,wget和中忽略
SSL.7z,解决PKIX path building failed问题
03-10
PKIX path building failed问题解决本地环境中报错 PKIX path building failed问题。 其中有产生证书的代码,将运行产生的证书放在文档中指定位置即可
PKIX path building failed
12-07
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
jssecacerts
05-18
Java\jar 1.8.0_141\lib\ext\里面缺少了一个安全凭证jssecacerts证书文件,通过运行下面类可以生成证书,将生成的证书放在Java\jar 1.8.0_141\lib\ext\这个目录下,重启编译器就可以解决
解决 sun.security.validator.ValidatorException: PKIX path building failed问题,绕过证书的检查实现
chao_9836的博客
02-09 1万+
错误信息: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find...
解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin
热门推荐
chaishen10000的专栏
10-10 12万+
详细分析Java中访问https请求exception(SSLHandshakeException, SSLPeerUnverifiedException)的原因及解决方法。1、现象 用JAVA测试程序访问下面两个链接。 https链接一:web服务器为jetty,后台语言为java。 https链接二:web服务器为nginx,后台语言为php。 链接一能正常访问,访问链接二报异常,且用Http...
解决 sun.security.validator.ValidatorException: PKIX path building failed:
走马川行雪的博客
12-27 6万+
错误信息: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provid...
解决ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCert...
lovelyshowy的博客
01-23 2066
网上查了一下,这是在JDK8及以上高版本使用中,因为源应用程序不信任目标应用程序的证书,在源应用程序的JVM信任库中找不到该证书证书链的原因导致的。因为生成文书这个方法需要编译工具类,我这有个已经编译好的,可以直接下载下来用,生成方法参考大神的教程就行。再就是手动生成证书文件,然后放到jdk对应目录下,重启就行,亲测好用。线上与三方对接的接口项目,因无良三方悄悄升级启用https而导致……网上方法不少,一是通过程序设置信任所有证书,不知道怎么搞,没试。二是删除jdk下安全文件的配置信息,亲测没毛用。
idea中springboot项目,mave下载包报错Maven:sun.security.validator.ValidatorException: PKIX path building faile
m0_37641835的博客
06-19 1023
完美解决Maven:sun.security.validator.ValidatorException: PKIX path building failed 文章目录 一、maven报错 二、一些说明 三、出现问题的原因和几种解决方法 忽略SSL证书检查 生成证书并导入到 JRE security 中 使用默认的 maven 中央仓库 使用 http 的镜像库 四、参考链接 记录使用 maven 时遇到的问题。第一种方法最方便,亲测能用。 一、ma.
解决 sun.security.validator.ValidatorException: PKIX path building failed
Chioce的博客
08-04 5761
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid c
httpClient报错 PKIX path building failed
08-16
根据引用的信息,错误信息中提到了sun.security.validator.ValidatorException: PKIX path building failed,这意味着在验证服务器的证书时出现了问题。引用提供了解决方案,即将目标网站的证书导入到jdk中。 为了...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值