PKIX path building failed 异常

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/boom_man/article/details/90241592

1.你可能已经在网上尝试了各种方法加载证书,但是始终失败

那么尝试下这个在启动时加入-Djavax.net.debug=all
在这里插入图片描述
然后项目启动后就会加载了哪些证书
在这里插入图片描述
Ctrl+F 搜索下有没有加载,如果没有加载那肯定失败哈

2.jdk启动到底加载的是哪个证书呢

%JAVA_HOME%\jre\lib\security\cacerts

但是你生成的或者import的并不是这个里面,你看看你执行命令的当前目录下是否有个cacerts文件
如果有,那怎么可能导入到jdk要加载的文件里了呢。

如果本文对你有帮助,麻烦点个赞,如果还有问题,可以左侧微信联系

导入证书

keytool -import -noprompt -trustcacerts -alias test -file  xxxx.cer -keystore cacerts -storepass changeit

查询

keytool -list -keystore cacerts |findstr /s test

删除

keytool -delete -alias test -keystore cacerts

参考:彻底弄懂“PKIX path building failed”问题

展开阅读全文

PKIX path building failed,找不到认证书,如何解决

06-19

Hi All:rn rn I ‘m getting some errors when I using SSL protocol to Connection open source XDS registry. I write some code make connection to the registry as below, and I can connect to the registry correct, but when I using the connection save some object to the registry, there some error returned like ‘PKIX path building failed’.rnrn(大家好,我在使用SSL链接开源项目XDS Registry时出现了一些错误,我能够连接这个项目,但是执行save操作时会出现"PKIX path building faild的异常",请大家帮忙解决,已经困扰我很久了,非常感谢。)rnrn Code segment :rnrn public Connection makeConnection(String queryUrl, String publishUrl) rnrn Properties props = new Properties(); rnrn props.setProperty("javax.xml.registry.queryManagerURL",queryUrl); rn props.setProperty("javax.xml.registry.lifeCycleManagerURL", publishUrl);rn RegistryService rs = null; rn Collection orgs = null; rn try rn ConnectionFactory factory = JAXRUtility.getConnectionFactory();rn factory.setProperties(props); rn connection = factory.createConnection(); rn System.out.println("Created connection to registry"); rn HashSet credentials = new HashSet();rn SecurityUtil securityUtil = SecurityUtil.getInstance();rn credentials.add(securityUtil.aliasToX500PrivateCredential("testuser", "testuserpasswd"));rn connection.setCredentials(credentials);rn rs = connection.getRegistryService(); rn bqm = rs.getBusinessQueryManager(); rn bcm = rs.getBusinessLifeCycleManager(); rn catch (Exception e) rn e.printStackTrace(); rnrn if (connection != null) rn try rn connection.close(); rn catch (JAXRException je)rn ;rn rn rn rn return connection; rn rnrn error msg:rn sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrnrn at sun.security.validator.PKIXValidator.doBuild(Unknown Source)rnrn at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)rnrn at sun.security.validator.Validator.validate(Unknown Source)rnrn at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)rnrn at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)rnrn ... 29 morernrnCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrnrn at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)rnrn at java.security.cert.CertPathBuilder.build(Unknown Source)rnrn ... 34 morernrnplese tell me the answer ,thank you very much! rn 论坛

CAS(SSO) tomcat ssl 配置出错 PKIX path building failed

10-15

项目中要用到YALE 的CAS,rnrnServer端 Tomcatrn https://localhost:8443/cas/login 输入nike/nike 提示登录成功rnrnClient端,也是在同一台机器的tomcat下rn http://localhost:8080/MyTest/index.jsp页面会出现安全提示警告,确认后跳转到https://localhost:8443/cas/login rn 输入nike/nike,返回错误提示rn[code=Java]rnexception rnrnjavax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrn edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)rn edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)rnrnrnroot cause rnrnjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrn com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)rn com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)rn com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)rn com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)rn com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)rn com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)rn com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)rn com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)rn com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)rn com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)rn com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)rn com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)rn sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)rn sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)rn sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)rn sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)rn edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)rn edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)rn edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)rn edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)rn[/code]rn下面是我证书生成的过程rn[code=Java]rnrnD:\Tomcat 5.5>keytool -genkey -alias tomcat -keypass changeit -keyalg RSArn Enter keystore password: changeitrn What is your first and last name?rn [Unknown]: localhostrn What is the name of your organizational unit?rn [Unknown]: devrn What is the name of your organization?rn [Unknown]: ghlrn What is the name of your City or Locality?rn [Unknown]: szrn What is the name of your State or Province?rn [Unknown]: jsrn What is the two-letter country code for this unit?rn [Unknown]: chrn Is CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch correct?rn [no]: yrnrnrnD:\Tomcat 5.5>keytool -export -alias tomcat -keypass changeit -file server.crtrn Enter keystore password: changeitrn Certificate stored in file rnrnD:\Tomcat 5.5>keytool -import -file server.crt -keypass changeit -keystore "D:\Prnrogram Files\Java\jdk1.5.0_07\jre\lib\security\cacerts"rn Enter keystore password: changeitrn Owner: CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=chrn Issuer: CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=chrn Serial number: 4ad6c7b8rn Valid from: Thu Oct 15 14:56:56 CST 2009 until: Wed Jan 13 14:56:56 CST 2010rn Certificate fingerprints:rn MD5: B3:94:76:16:3B:42:0D:F0:EB:EF:3F:23:64:05:F9:38rn SHA1: 52:5A:14:38:AB:4D:19:E7:64:2D:E8:51:88:D1:6D:3F:ED:4B:ED:5Drn Trust this certificate? [no]: yesrn Certificate was added to keystorernrnD:\Tomcat 5.5>rnrn【/code]rnrn客户端配置rn[code=Java]rnrnrn rn CASFilter rn edu.yale.its.tp.cas.client.filter.CASFilter rn rn edu.yale.its.tp.cas.client.filter.loginUrl rn https://localhost:8443/cas/login rn rn rn rn edu.yale.its.tp.cas.client.filter.validateUrl rn https://localhost:8443/cas/proxyValidate rn rn rn rn rn edu.yale.its.tp.cas.client.filter.serverName rn localhost:8080 rn rn rn rn rn CASFilter rn /* rn rnrn rn index.jsprn rnrnrn[/code]rn 论坛

用httpclient, 出现错误 error PKIX path building failed

06-14

我用httpclient 调用一个https的URL,在其中的一台机器上,运行,出现如下的错误。其它几台都好的,几台机器上的 /usr/java/jdk1.6.0_14/jre/lib/security/cacerts 都一样。rnrn请高手指点!!先谢谢了。rnrnsun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrnException in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrn at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)rn at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)rn at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)rn at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)rn at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)rn at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)rn at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)rn at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)rn at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)rn at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)rn at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)rn at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)rn at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)rn at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)rn at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)rn at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)rn at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)rn at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)rn at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)rn at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)rn at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)rn at HttpClientTest.executeWapiCommand(HttpClientTest.java:47)rn at HttpClientTest.main(HttpClientTest.java:21)rnCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrn at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)rn at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)rn at sun.security.validator.Validator.validate(Validator.java:218)rn at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)rn at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)rn at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)rn at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)rn ... 18 morernCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrn at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)rn at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)rn at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)rn ... 24 more 论坛

https请求出现sun.security.validator.ValidatorException: PKIX path building failed

10-13

百度了一下总体说来是安全证书的问题,ssl过期什么的rn使用小米推送的SDK,人家SDK的底层使用了https的request,在我的电脑上运行没有问题,但是放在服务器上跑就出现问题了rn对于https请求这一块确实不是很了解,求各位大神支招啊rnrn代码是C#的,SDK是JAVA的,使用的ikvm将JAVA的包转成了dll使用rn报错代码:rn2016-10-13 16:35:01,421 [ERROR] java.io.IOException: Failed to send http request after 1 attempts: remote server c3.api.xmpush.xiaomi.com(123.125.102.38)rnException javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrnsun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetrn sun.security.ssl.AlertsgetSSLException (Alerts.java:193)rn sun.security.ssl.SSLSocketImplfatal (SSLSocketImpl.java:-1)rn sun.security.ssl.HandshakerfatalSE (Handshaker.java:276)rn sun.security.ssl.HandshakerfatalSE (Handshaker.java:270)rn sun.security.ssl.ClientHandshakerserverCertificate (ClientHandshaker.java:1340)rn sun.security.ssl.ClientHandshakerprocessMessage (ClientHandshaker.java:155)rn sun.security.ssl.HandshakerprocessLoop (Handshaker.java:869)rn sun.security.ssl.Handshakerprocess_record (Handshaker.java:806)rn sun.security.ssl.SSLSocketImplreadRecord (SSLSocketImpl.java:1033)rn sun.security.ssl.SSLSocketImplperformInitialHandshake (SSLSocketImpl.java:1328)rn sun.security.ssl.SSLSocketImplstartHandshake (SSLSocketImpl.java:1355)rn sun.security.ssl.SSLSocketImplstartHandshake (SSLSocketImpl.java:1339)rn sun.net.www.protocol.https.HttpsClientafterConnect (HttpsClient.java:516)rn sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectionconnect (AbstractDelegateHttpsURLConnection.java:185)rn sun.net.www.protocol.http.HttpURLConnectiongetOutputStream (HttpURLConnection.java:1092)rn sun.net.www.protocol.https.HttpsURLConnectionImplgetOutputStream (HttpsURLConnectionImpl.java:250)rn com.xiaomi.xmpush.server.HttpBasedoPost (HttpBase.java:195)rn com.xiaomi.xmpush.server.HttpBase$1action (HttpBase.java:143)rn com.xiaomi.xmpush.server.HttpBasehttpRequest (HttpBase.java:107)rn com.xiaomi.xmpush.server.HttpBasedoPost (HttpBase.java:140)rn com.xiaomi.xmpush.server.SendersendMessage (Sender.java:628)rn com.xiaomi.xmpush.server.SendersendMessageNoRetry (Sender.java:459)rn com.xiaomi.xmpush.server.SendersendToAliasNoRetry (Sender.java:266)rn com.xiaomi.xmpush.server.SendersendToAlias (Sender.java:238)rn com.xiaomi.xmpush.server.SendersendToAlias (Sender.java:215)rn cli.Push.XiaoMi.XiaoMiPushSystempushMessageToApp (null:-1)rn cli.PushTable.Program$$$003C$$003Ec__DisplayClass5 b__0 (null:-1) 论坛

没有更多推荐了,返回首页