After logging in, the following error is reported:
ValidatorException: PKIX path building failed
SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 60 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
    ... 66 common frames omitted
https
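The failure is most likely in the certificate validation step.
Approaches
1. Import the certificate into the JRE environment.
2. The server does not trust the certificate we created ourselves, so ignore the certificate trust problem in code.
Ignoring the certificate trust problem
Use an empty Filter: when the JVM loads the class, its static initializer applies the SSL connection settings that ignore SSL certificate problems.
This involves the default SSLSocketFactory and HostnameVerifier of HttpsURLConnection. Both are JVM-wide defaults, so every HttpsURLConnection in the process stops validating certificates and host names, not only the call that failed.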
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
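Filter code
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * @author huangliuyu
 * @description Filter that disables SSL certificate validation
 * @date 2019-01-09
 */
public class IgnoreSSLValidateFilter implements Filter {
    static {
        // Apply the settings that disable SSL validation (runs once, when the class is loaded)
        try {
            // Trust manager that accepts every certificate chain without checking it
            TrustManager[] trustAllCerts = {new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface contract requires a non-null array
                    return new X509Certificate[0];
                }
                public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                }
                public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                        throws CertificateException {
                }
            }};
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Hostname verifier that accepts any host name
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
    // The filter itself does nothing; it only passes the request along the chain
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(request, response);
    }
    public void destroy() {
    }
    public void init(FilterConfig config) throws ServletException {
    }
}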
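Using the filter in Spring Boot
import java.util.Arrays;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;

/**
 * @author huangliuyu
 * @description Filter configuration class
 * @date 2019-01-09
 */
@Configuration
@Component
public class FilterConfig {
    @Bean
    public FilterRegistrationBean ignoreSSLValidateFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new IgnoreSSLValidateFilter());
        registrationBean.setName("ignoreSSLValidateFilter");
        // Filter order
        registrationBean.setOrder(0);
        // URL patterns the filter applies to
        registrationBean.setUrlPatterns(Arrays.asList("/*"));
        return registrationBean;
    }
}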