解决Java在请求某些不受信任的https网站时会报：PKIX path building failed

Java在请求某些不受信任的https网站时会报：

发送GET请求出现异常！javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.pachong.util.http.HttpRequest.sendGet(HttpRequest.java:51)
at com.pachong.util.http.HttpRequest.main(HttpRequest.java:130)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 19 more

解决办法：

1、手动导入证书到本地证书库

2、信任所有SSL证书

最好的解决办法或许是信任所有SSL证书，因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法，在连接openConnection的时候忽略掉证书就行了。

先说第二种 用程序重写方法   信任所有SSL证书

新建一个工具类SslUtil.java  在打开连接之前调用此类 ignoreSsl()方法

package SslUtils;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SslUtil {
	private static void trustAllHttpsCertificates() throws Exception {  
	    TrustManager[] trustAllCerts = new TrustManager[1];  
	    TrustManager tm = new miTM();  
	    trustAllCerts[0] = tm;  
	    SSLContext sc = SSLContext.getInstance("SSL");  
	    sc.init(null, trustAllCerts, null);  
	    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());  
	}  
	  
	static class miTM implements TrustManager,X509TrustManager {  
	    public X509Certificate[] getAcceptedIssuers() {  
	        return null;  
	    }  
	  
	    public boolean isServerTrusted(X509Certificate[] certs) {  
	        return true;  
	    }  
	  
	    public boolean isClientTrusted(X509Certificate[] certs) {  
	        return true;  
	    }  
	  
	    public void checkServerTrusted(X509Certificate[] certs, String authType)  
	            throws CertificateException {  
	        return;  
	    }  
	  
	    public void checkClientTrusted(X509Certificate[] certs, String authType)  
	            throws CertificateException {  
	        return;  
	    }  
	}  
	   
	/** 
	 * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用 
	 * @throws Exception 
	 */  
	public static void ignoreSsl() throws Exception{  
	    HostnameVerifier hv = new HostnameVerifier() {  
	        public boolean verify(String urlHostName, SSLSession session) {  
	            System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());  
	            return true;  
	        }  
	    };  
	    trustAllHttpsCertificates();  
	    HttpsURLConnection.setDefaultHostnameVerifier(hv);  
	}  
}

另外一种方法 导入证书

例如下载360 的安全证书，使用浏览器打开要调用的接口链接：https://api.e.360.cn/account/clientLogin，然后查看证书导出证书到本地，文件名取成 调用api的域名api.e.360.cn

将数字证书保存到jdk1.6.0_17\jre\lib\security，  将该目录下的
cacerts 设置成可读写权限。
在该目录下打开cmd    运行
keytool -import -trustcacerts -alias api.e.360.cn -file api.e.360.cn.cer -keystore cacerts -storepass changeit 
注意：cacerts 文件的读写权是否有