服务端在使用HttpClient调用https服务时,会抛出PKIX path building failed异常,该异常为认证证书的问题,有两种解决方法:
###1.设置默认信任
直接上代码:
//**
* enableSSL:https认证
* @param httpclient
* @param serverPort
* @return
*/
public static HttpClient enableSSL(HttpClient httpclient, Integer serverPort) {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
}};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
SSLSocketFactory sf = new SSLSocketFactory(sc, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = httpclient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", serverPort, sf));
httpclient = new DefaultHttpClient(ccm, httpclient.getParams());
}
catch(Exception e) {
e.printStackTrace();
}
return httpclient;
}
###2.生成证书 生成证书代码:
运行后将生成的jssecacerts文件放到服务器的JAVA_HOME环境下即可