整理异常:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:

最新推荐文章于 2024-07-23 15:53:42 发布
最新推荐文章于 2024-07-23 15:53:42 发布
阅读量2.7k 收藏 1
点赞数 2
分类专栏: springboot 文章标签: java https ssl
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/CodeOfRabbit/article/details/103599194
版权

堆栈错误先贴出来:

org.springframework.web.client.ResourceAccessException: I/O error on POST request for “https的url地址”: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification p

我当时的情况是自己的开发环境可以请求到对方的https地址,但是发布到Linux的测试环境后请求不通,报错如上.解决回顾后,觉得当时做的无用功挺多,现在想来按以下步骤确认解决问题会节省很多时间.

1.环境确认

一定要先确定自己的环境中的防火墙,代理,配置正确.从整个大局上分析解决问题.
可以使用curl -k (跳过证书)命令,wget命令等测试自己请求的https地址是否可以在环境中连通.我是使用wget命令提示访问被拒绝wget请求

2.生成证书,导入证书或安装证书

1.生成证书,上传到Linux上,并在代码中引用:
https://blog.csdn.net/i_like1/article/details/80334298
2.从浏览器中下载对应证书,并上传到Linux找那个的jdk环境中:
https://blog.csdn.net/liangcha007/article/details/84661532

3.代码层面改造

restTemplate代码:

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.http.ResponseEntity;

HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<String> entity = new HttpEntity<>(headers);

RestTemplate restTemplate = new RestTemplate();
restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
SslUtils.ignoreSsl();
ResponseEntity<Res> resEntity = restTemplate.postForEntity(url, entity, Res.class);

SslUtils代码:

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SslUtils {

	public static void trustAllHttpsCertificates() throws Exception {
		TrustManager[] trustAllCerts = new TrustManager[1];
		TrustManager tm = new miTM();
		trustAllCerts[0] = tm;
		SSLContext sc = SSLContext.getInstance("SSL");
		sc.init(null, trustAllCerts, null);
		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
	}

	static class miTM implements TrustManager, X509TrustManager {
		@Override
        public X509Certificate[] getAcceptedIssuers() {
			return null;
		}

		public boolean isServerTrusted(X509Certificate[] certs) {
			return true;
		}

		public boolean isClientTrusted(X509Certificate[] certs) {
			return true;
		}

		@Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
			return;
		}

		@Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
			return;
		}
	}

	/**
	 * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
	 * 
	 * @throws Exception
	 */
	public static void ignoreSsl() throws Exception {
		HostnameVerifier hv = new HostnameVerifier() {
			@Override
            public boolean verify(String urlHostName, SSLSession session) {
				return true;
			}
		};
		trustAllHttpsCertificates();
		HttpsURLConnection.setDefaultHostnameVerifier(hv);
	}
}
  • httpsClient请求(未采纳)
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.util.EntityUtils;
import com.alibaba.fastjson.JSON;

  Res res = null;
  CloseableHttpClient httpsClient = null;
  try {
      httpsClient = (CloseableHttpClient) HttpClientFactoryWithNoSSL.getHttpsClient();
  } catch (Exception e) {
      e.printStackTrace();
  }
  HttpGet httpGet = new HttpGet(url);

  httpGet.addHeader("Content-Type", "application/json");
  String mem = "";
  CloseableHttpResponse responseMem = null;
  CloseableHttpResponse responseCPU = null;
  CloseableHttpResponse responseDisk = null;
  try {
      responseMem = httpsClient.execute(httpGet);
      if (responseMem.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
          mem = "0";
      } else {
          org.apache.http.HttpEntity resEntity = responseMem.getEntity();
          if (resEntity != null) {
              mem = EntityUtils.toString(resEntity, "UTF-8");
              res = JSON.parseObject(mem,Res.class);
          }
          EntityUtils.consume(resEntity);//要消耗消息实体,这是必须步骤
      }
  } catch (Exception e1) {
      e1.printStackTrace();
      mem = "0";
  } finally {
      try {
          if(responseMem != null){
              responseMem.close();//尝试关闭资源,将socket连接返回给资源池
          }
      } catch (IOException e) {
          e.printStackTrace();
      }
  }

gradle引入信息,可自行转换成maven格式

compile('org.apache.httpcomponents:httpclient:4.5.3')

所需的HttpClientFactoryWithNoSSL类

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import com.walmart.workwechat.manager.HttpsTrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

public class HttpClientFactoryWithNoSSL {

    private static CloseableHttpClient client;
    //连接池
    private static HttpClientConnectionManager poolingConnManager = new PoolingHttpClientConnectionManager();

    /**
     * 获取不需要ssl认证的httpClient实例
     *
     * @Title: getHttpsClientWithNoCert
     * @Description: TODO
     * @Author: Think
     * @Date :Jan 16, 2019
     * @return: HttpClient
     */
    public static HttpClient getHttpsClient() throws Exception {

        if (client != null) {
            return client;
        }
        SSLContext sslcontext = SSLContexts.custom().useSSL().build();
        sslcontext.init(null, new X509TrustManager[]{new HttpsTrustManager()}, new SecureRandom());
        SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslcontext,
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        client = HttpClients.custom().setConnectionManager(poolingConnManager).setSSLSocketFactory(factory).build();

        return client;
    }

    public static void releaseInstance() {
        client = null;
    }
}
  • httpsClient2请求
import javax.net.ssl.SSLContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

        WeChatTokenRes res = null;
        SSLContext sslcontext = null;
        try {
            //设置协议http和https对应的处理socket链接工厂的对象
            sslcontext = createIgnoreVerifySSL();
            Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("http", PlainConnectionSocketFactory.INSTANCE)
                    .register("https", new SSLConnectionSocketFactory(sslcontext))
                    .build();
            PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
            HttpClients.custom().setConnectionManager(connManager);
            //创建自定义的httpclient对象
            CloseableHttpClient client = HttpClients.custom().setConnectionManager(connManager).build();
            //处理请求参数拼接(参数为json) 如:?name = ""&pwd = ""
            String urlNameString = url;
            //创建get方式请求对象
            HttpGet get = new HttpGet(urlNameString);
            //指定报文头Content-type、User-Agent
            //get.setHeader("Content-type", "application/x-www-form-urlencoded");
            get.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2");
            //执行请求操作,并拿到结果(同步阻塞)
            CloseableHttpResponse response = client.execute(get);
            //获取结果实体
            org.apache.http.HttpEntity entity = response.getEntity();
            if (entity != null) {
                //按指定编码转换结果实体为String类型
                String body = EntityUtils.toString(entity, "UTF-8");
                res = JSON.parseObject(body,WeChatTokenRes.class);
                // 返回对外IP信息
                res.setMessage(body);
            }
            EntityUtils.consume(entity);
            //释放链接
            response.close();
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }finally{

        }
        return res;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

    public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sc = SSLContext.getInstance("SSLv3");

        // 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) {
            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };

        sc.init(null, new TrustManager[] { trustManager }, null);
        return sc;
    }

4.总结

以上从环境,证书,代码三个方面解决报错问题.我最后使用的restTemplate方式请求通过的.以上经验供借鉴参考.

托木卡特
关注
专栏目录
解决 sun.security.validator.ValidatorException: PKIX path building failed 的问题,绕过证书的检查实现
chao_9836的博客
02-09 1万+
错误信息: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find...
【开发中遇到的小问题】无法发送https协议的请解决方案 PKIX path building failed: sun.security.provider.certpath.SunCertPathB
muzi木子
02-11 2265
控制台异常堆栈输出: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe...
Java Apache Http绕过Https证书校验:PKIX failed: SunCertPathBuilderException:unable to find valid certificat
最新发布
张小凡
07-23 294
Java Apache Http绕过Https证书校验:PKIX failed: SunCertPathBuilderException:unable to find valid certificat
异常PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
热门推荐
小单的博客专栏
06-26 3万+
问题 java使用httpclient或者restTemplate进行https请求时,出现如下异常javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP...
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilder
ChengYanan的博客
08-07 6269
http://maven.aliyun.com/nexus/content/groups/public/,仓库地址更新为了https,所以下载时需要ssl认证,我们可以忽略ssl检查导致的问题,我们可以直接忽略该检查使用命令: 在项目路径下打开终端命令: mvn clean install -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true 也可以在构建工具maven中的importing中的导入器的vm选项
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to fin
技匠而已
05-28 1万+
异常PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target。摘要:java访问Https接口获取数据异常。有些电脑环境可以运行,有些环境不能运行。无法找到到请求目标的有效认证路径。
解决eclipse的PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException问题
qq_38069453的博客
07-06 1363
因为远程办公,使用了VPN,而且还无法关闭的VPN的情况下,(如果vpn可以断开的小伙伴,你可以直接断开vpn连个热点试试,一般没问题,如果不行你再看下面的文章)eclipse的MarketPlace打开之后报错 :PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException...
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to fi
m0_37593004的博客
04-15 763
HTTPS 报错 Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_171] at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[na:1.8.0_171]
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
知其然知其所以然
12-05 2万+
自己搭建的邮件服务器 + 自签的SSL证书,通过代码调用时是不受jdk是信任的。 CA比较新或自行颁发的证书,需要将证书加入到jdk的信任证书库中, 把该证书导入java中的cacerts证书库里 Jdk的安装目录 C:\Program Files\Java\jdk1.8.0\jre\lib\security 执行系统命令: 1、进入安装目录 cd C:\Program Files\J...
maven-pom报错PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
qq_40302378的博客
03-05 827
问题描述: Failure to transfer org.apache.maven:maven-archiver:pom:2.5 from https://maven.aliyun.com/repository/public was cached in the local repository, resolution will not be reattempted until the updat...
解决ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCert...
lovelyshowy的博客
01-23 4622
网上查了一下,这是在JDK8及以上高版本使用中,因为源应用程序不信任目标应用程序的证书,在源应用程序的JVM信任库中找不到该证书或证书链的原因导致的。因为生成文书这个方法需要编译工具类,我这有个已经编译好的,可以直接下载下来用,生成方法参考大神的教程就行。再就是手动生成证书文件,然后放到jdk对应目录下,重启就行,亲测好用。线上与三方对接的接口项目,因无良三方悄悄升级启用https而导致……网上方法不少,一是通过程序设置信任所有证书,不知道怎么搞,没试。二是删除jdk下安全文件的配置信息,亲测没毛用。
Jsoup爬取缺少安全证书异常
qq_42897733的博客
05-21 813
项目场景: 抓取https网站数据失败 问题描述: 出现异常javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested t
ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce
Joker_honey的博客
05-09 3010
客户端没有证书,会报以下错误: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to
java项目请求报错PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
Lin_Miao_09的博客
04-30 1080
报错: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certifi...
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
09-15
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. This error occurs when the SSL certificate of the target server cannot be validated by the Java Virtual Machine (JVM). The JVM is unable to establish a trusted connection because it cannot find a valid certification path. To resolve this issue, you can try the following steps: 1. Update the Java Runtime Environment (JRE) or Java Development Kit (JDK) to the latest version available. This ensures that you have the latest trusted root certificates. 2. Import the SSL certificate of the target server into the Java keystore. You can use the keytool command-line tool to import the certificate. Here's an example command: ``` keytool -importcert -alias server -keystore cacerts -file server.crt ``` Replace "server" with an alias of your choice, "cacerts" with the path to the Java keystore file (usually located in the JRE installation directory), and "server.crt" with the path to the SSL certificate file. 3. If you are using a custom truststore, ensure that it contains all necessary certificates, including any intermediate or root certificates required to establish trust with the target server. 4. If you are running your application behind a proxy server, make sure that the proxy server's SSL certificate is valid and trusted by your JVM. By following these steps, you should be able to resolve the PKIX path building failed error and establish a successful SSL connection.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值