随着Azure服务在国内的开展,不少Java用户也开始在国内Azure部署应用。不过,目前有一个问题,是关于证书。国内Azure服务HTTPS端点的证书,是由CNNIC颁发的,而CNNIC作为一个根证书颁发机构,不被Oracle JDK信任。如果通过Oracle JDK开发一个应用,要去访问国内Azure的各种HTTPS地址,比如管理API、Service Bus、存储URL、SQL数据库等等,都会遇到类似下面的问题
Dec 13, 2013 8:35:57 PM com.microsoft.sqlserver.jdbc.TDSChannel enableSSL
INFO: java.security path: C:\Program Files\Java\jre6\lib\security
Security providers: [SUN version 1.6, SunRsaSign version 1.5, SunJSSE version 1.6, SunJCE version 1.6, SunJGSS version 1.0, SunSASL version 1.5, XMLDSig version 1.0, SunPCSC version 1.6]
SSLContext provider info: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SSLContext provider services:
[SunJSSE: KeyFactory.RSA -> sun.security.rsa.RSAKeyFactory
.......
TrustManagerFactory provider info: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
TrustManagerFactory default algorithm: PKIX
java.ext.dirs: C:\Program Files\Java\jre6\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:4b1a3848-7aa5-4474-b7fc-25f79f52b4de
报错的