ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce

最新推荐文章于 2024-09-09 12:36:40 发布
最新推荐文章于 2024-09-09 12:36:40 发布
阅读量3.0k 收藏
点赞数
分类专栏: Java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Joker_honey/article/details/71487220
版权

客户端没有证书,会报以下错误:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator. Java :323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun .NET .ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun .Net .ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)

...


1. 创建Java 类

  1. /* 
  2.  * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved. 
  3.  * 
  4.  * Redistribution and use in source and binary forms, with or without 
  5.  * modification, are permitted provided that the following conditions 
  6.  * are met: 
  7.  * 
  8.  *   - Redistributions of source code must retain the above copyright 
  9.  *     notice, this list of conditions and the following disclaimer. 
  10.  * 
  11.  *   - Redistributions in binary form must reproduce the above copyright 
  12.  *     notice, this list of conditions and the following disclaimer in the 
  13.  *     documentation and/or other materials provided with the distribution. 
  14.  * 
  15.  *   - Neither the name of Sun Microsystems nor the names of its 
  16.  *     contributors may be used to endorse or promote products derived 
  17.  *     from this software without specific prior written permission. 
  18.  * 
  19.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 
  20.  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
  21.  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
  22.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
  23.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
  24.  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
  25.  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
  26.  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
  27.  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
  28.  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
  29.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
  30.  */  
  31.   
  32. import java.io.*;  
  33. import java.net.URL;  
  34.   
  35. import java.security.*;  
  36. import java.security.cert.*;  
  37.   
  38. import javax.net.ssl.*;  
  39.   
  40. public class InstallCert {  
  41.   
  42.     public static void main(String[] args) throws Exception {  
  43.     String host;  
  44.     int port;  
  45.     char[] passphrase;  
  46.     if ((args.length == 1) || (args.length == 2)) {  
  47.         String[] c = args[0].split(":");  
  48.         host = c[0];  
  49.         port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);  
  50.         String p = (args.length == 1) ? "changeit" : args[1];  
  51.         passphrase = p.toCharArray();  
  52.     } else {  
  53.         System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");  
  54.         return;  
  55.     }  
  56.   
  57.     File file = new File("jssecacerts");  
  58.     if (file.isFile() == false) {  
  59.         char SEP = File.separatorChar;  
  60.         File dir = new File(System.getProperty("java.home") + SEP  
  61.             + "lib" + SEP + "security");  
  62.         file = new File(dir, "jssecacerts");  
  63.         if (file.isFile() == false) {  
  64.         file = new File(dir, "cacerts");  
  65.         }  
  66.     }  
  67.     System.out.println("Loading KeyStore " + file + "...");  
  68.     InputStream in = new FileInputStream(file);  
  69.     KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());  
  70.     ks.load(in, passphrase);  
  71.     in.close();  
  72.   
  73.     SSLContext context = SSLContext.getInstance("TLS");  
  74.     TrustManagerFactory tmf =  
  75.         TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());  
  76.     tmf.init(ks);  
  77.     X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];  
  78.     SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);  
  79.     context.init(nullnew TrustManager[] {tm}, null);  
  80.     SSLSocketFactory factory = context.getSocketFactory();  
  81.   
  82.     System.out.println("Opening connection to " + host + ":" + port + "...");  
  83.     SSLSocket socket = (SSLSocket)factory.createSocket(host, port);  
  84.     socket.setSoTimeout(10000);  
  85.     try {  
  86.         System.out.println("Starting SSL handshake...");  
  87.         socket.startHandshake();  
  88.         socket.close();  
  89.         System.out.println();  
  90.         System.out.println("No errors, certificate is already trusted");  
  91.     } catch (SSLException e) {  
  92.         System.out.println();  
  93.         e.printStackTrace(System.out);  
  94.     }  
  95.   
  96.     X509Certificate[] chain = tm.chain;  
  97.     if (chain == null) {  
  98.         System.out.println("Could not obtain server certificate chain");  
  99.         return;  
  100.     }  
  101.   
  102.     BufferedReader reader =  
  103.         new BufferedReader(new InputStreamReader(System.in));  
  104.   
  105.     System.out.println();  
  106.     System.out.println("Server sent " + chain.length + " certificate(s):");  
  107.     System.out.println();  
  108.     MessageDigest sha1 = MessageDigest.getInstance("SHA1");  
  109.     MessageDigest md5 = MessageDigest.getInstance("MD5");  
  110.     for (int i = 0; i < chain.length; i++) {  
  111.         X509Certificate cert = chain[i];  
  112.         System.out.println  
  113.             (" " + (i + 1) + " Subject " + cert.getSubjectDN());  
  114.         System.out.println("   Issuer  " + cert.getIssuerDN());  
  115.         sha1.update(cert.getEncoded());  
  116.         System.out.println("   sha1    " + toHexString(sha1.digest()));  
  117.         md5.update(cert.getEncoded());  
  118.         System.out.println("   md5     " + toHexString(md5.digest()));  
  119.         System.out.println();  
  120.     }  
  121.   
  122.     System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");  
  123.     String line = reader.readLine().trim();  
  124.     int k;  
  125.     try {  
  126.         k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;  
  127.     } catch (NumberFormatException e) {  
  128.         System.out.println("KeyStore not changed");  
  129.         return;  
  130.     }  
  131.   
  132.     X509Certificate cert = chain[k];  
  133.     String alias = host + "-" + (k + 1);  
  134.     ks.setCertificateEntry(alias, cert);  
  135.   
  136.     OutputStream out = new FileOutputStream("jssecacerts");  
  137.     ks.store(out, passphrase);  
  138.     out.close();  
  139.   
  140.     System.out.println();  
  141.     System.out.println(cert);  
  142.     System.out.println();  
  143.     System.out.println  
  144.         ("Added certificate to keystore 'jssecacerts' using alias '"  
  145.         + alias + "'");  
  146.     }  
  147.   
  148.     private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();  
  149.   
  150.     private static String toHexString(byte[] bytes) {  
  151.     StringBuilder sb = new StringBuilder(bytes.length * 3);  
  152.     for (int b : bytes) {  
  153.         b &= 0xff;  
  154.         sb.append(HEXDIGITS[b >> 4]);  
  155.         sb.append(HEXDIGITS[b & 15]);  
  156.         sb.append(' ');  
  157.     }  
  158.     return sb.toString();  
  159.     }  
  160.   
  161.     private static class SavingTrustManager implements X509TrustManager {  
  162.   
  163.     private final X509TrustManager tm;  
  164.     private X509Certificate[] chain;  
  165.   
  166.     SavingTrustManager(X509TrustManager tm) {  
  167.         this.tm = tm;  
  168.     }  
  169.   
  170.     public X509Certificate[] getAcceptedIssuers() {  
  171.         throw new UnsupportedOperationException();  
  172.     }  
  173.   
  174.     public void checkClientTrusted(X509Certificate[] chain, String authType)  
  175.         throws CertificateException {  
  176.         throw new UnsupportedOperationException();  
  177.     }  
  178.   
  179.     public void checkServerTrusted(X509Certificate[] chain, String authType)  
  180.         throws CertificateException {  
  181.         this.chain = chain;  
  182.         tm.checkServerTrusted(chain, authType);  
  183.     }  
  184.     }  
  185.   
  186. }  


2. 命令行编译 Java 文件( 切换到 类 所在路径 )

javac InstallCert.java   ( javac 命令不好使,jdk 配置环境变量, 现在java8 安装版不用配置环境变量 直接就可以使用 java -version )

   java InstallCert host  执行命令


3. 输入1 , 看清楚提示 q 直接退出了, 1 生成文件 “jssecacerts”。


4.把这个文件拷贝到 JAVA_HOME/jre/lib/security目录中,重命名为"cacerts".  以防万一 将自己原来的文件备份。


Joker_0312
关注
专栏目录
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to fi
m0_37593004的博客
04-15 877
HTTPS 报错 Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_171] at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[na:1.8.0_171]
解决 sun.security.validator.ValidatorException: PKIX path building failed 的问题,绕过证书的检查实现
chao_9836的博客
02-09 1万+
错误信息: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find...
SSL.7z,解决PKIX path building failed 的问题
03-10
PKIX path building failed 的问题。解决本地环境中报错 PKIX path building failed 的问题。 其中有产生证书的代码,将运行产生的证书放在文档中指定位置即可
Springboot报错:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
最新发布
qq_35155680的博客
09-09 1200
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target minio报错问题解决
sun.security.validator.ValidatorExceptionPKIpath building failedsun.security.provider.certpath
lovezx1028的专栏
12-13 862
解决https请求设置 sun.security.validator.ValidatorException:PKIXpathbuildingfailed:sun.security.provider.certpath.SunCertPathBuilderException:unabletofindvalidcertificationpathtorequestedtarge...
报错sun.security.validator.ValidatorException: PKIX path building failed
热门推荐
Arya的博客
05-16 6万+
在执行webservice的过程中,出现如下异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable ...
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath
振华OPPO的博客世界
11-30 2万+
由于JVM默认信任证书不包含该目标网站的SSL证书,导致无法建立有效的信任链接。所以我们将原先的google()和jcenter()仓库替换为国内的仓库。然后重新Sync项目,成功开始下载依赖。
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilder
weixin_46028606的博客
05-02 7702
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilder
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath...
weixin_30662849的博客
07-19 1085
httpclient-4.5.jar 定时发送http包,忽然有一天报错,http证书变更引起的。 之前的代码 try { CloseableHttpClient httpClient = buildDefaultHttpClient(); String url = domain.getUrl(); ...
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce
08-08
其中,`mycert`是别名,`cacerts`是证书库文件,`/path/to/certificate.cer`是要导入的根证书文件路径。 3. 检查证书链完整性:确保您的SSL证书链完整,包括正确的中间证书和根证书。如果缺少中间证书或根证书,则...
maven install报错maven sun.security.validator.ValidatorException: PKIX path building failed
集北卡卡罗特的博客
12-08 1931
如题,在IDEA中使用maven install操作时,报错: [ERROR] Plugin org.apache.maven.plugins:maven-resources-plugin:3.0.2 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache...
如何解决HTTPS请求报错sun.security.validator.ValidatorException: PKIX path building failed
qq_43657722的博客
03-26 1万+
在Java中进行网络请求时出现"sun.security.validator.ValidatorException: PKIX path building failed"错误通常是由于SSL证书验证失败引起的。本文章提供了4中解决方案,有图、有代码、有验证。亲测可用。打包时踩坑也有解决方案,非常详细。
sun.security.validator.ValidatorException: PKIX path building failed:
MayMatrix 的博客
09-21 508
com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed: Refer 1: Fix for PKIX path building failed Error:sun.s...
Jsoup爬取缺少安全证书异常
qq_42897733的博客
05-21 834
项目场景: 抓取https网站数据失败 问题描述: 出现异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested t
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值