解决PKIX path building failed的问题

最新推荐文章于 2024-08-12 14:58:08 发布
最新推荐文章于 2024-08-12 14:58:08 发布
阅读量4.1k 收藏 1
点赞数
分类专栏: ca证书 文章标签: ca 证书 ssl webservice

在一次调试中,出现了这个错误: 

[ERROR] http-8080-Processor25 2010-01-20 15:29:28,640 org.jasig.cas.client.validation.Cas20ServiceTicketValidator     - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:58)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:167)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:141)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:137)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:149)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at com.web114.web.filter.UTF8EncoderFilter.doFilter(UTF8EncoderFilter.java:57)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Unknown Source)

这个错误最终定位在这个方法: 

protected final String retrieveResponseFromServer(final URL validationUrl,
final String ticket) {
HttpURLConnection connection = null;
try {
connection = (HttpURLConnection) validationUrl.openConnection();
final BufferedReader in = new BufferedReader(new InputStreamReader(
connection.getInputStream()));


String line;
final StringBuffer stringBuffer = new StringBuffer(255);


synchronized (stringBuffer) {
while ((line = in.readLine()) != null) {
stringBuffer.append(line);
stringBuffer.append("\n");
}
return stringBuffer.toString();
}


} catch (final IOException e) {
log.error(e, e);
return null;
} catch (final Exception e1){
log.error(e1, e1);
return null;
}finally {
if (connection != null) {
connection.disconnect();
}
}
}


后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法: 

trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);


具体的实现是: 

HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                               + session.getPeerHost());
            return true;
        }
    };

private static void trustAllHttpsCertificates() throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext
.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
}


static class miTM implements javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}


public boolean isServerTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}


public boolean isClientTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}


public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}


public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
}



hulua2010
关注
专栏目录
解决PKIX path building failed问题
lsl520hah的博客
10-25 3935
Java在请求某些不受信任的https网站时会报: PKIX path building failed 解决方法: 导入证书到本地 信任所有SSL证书 1、导入证书 在要访问的https网站,F12,如图:View certificate(蓝色部分)-- 导出证书 导入证书: keytool -import -v -trustcacerts -alias taobao -f...
解决eclipse的PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException问题
qq_38069453的博客
07-06 1366
因为远程办公,使用了VPN,而且还无法关闭的VPN的情况下,(如果vpn可以断开的小伙伴,你可以直接断开vpn连个热点试试,一般没问题,如果不行你再看下面的文章)eclipse的MarketPlace打开之后报错 :PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException...
PKIX path building failed
12-07
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
升级Android 2024.1.1 Studio后 报gradle build error: PKIX path building failed解决方法
最新发布
qq_41637249的博客
08-12 358
gradle build error: PKIX path building failed
解决 PKIX path building failed: && unable to find valid certification path to requested target
qq_43406318的博客
03-20 6225
java 项目 访问 https url 时报错。PKIX path building failed: && unable to find valid certification path to requested target
HTTPS配置说明文档(tomcat)与HTTPS协议请求出现证书不信任问题PKIX PATH BUILDING FAILED
qq_61407171的博客
06-07 5132
HTTPS配置说明文档(tomcat)与HTTPS协议请求出现证书不信任问题PKIX PATH BUILDING FAILED
SSL.7z,解决PKIX path building failed问题
03-10
PKIX path building failed问题解决本地环境中报错 PKIX path building failed问题。 其中有产生证书的代码,将运行产生的证书放在文档中指定位置即可
解决PKIX path building failed问题的AbstractCasProtocolUrlBasedTicketValidator
04-28
CAS默认走https,需要安装证书,但是自定义的证书貌似得不到信任,报PKIX path building failed。则可以修改源码来屏蔽错误。
PKIX path building failed报错解决
qq_43618249的博客
07-18 854
出现报错如下:说明本地没有存要访问地址的证书或者证书过期需要更新ssl证书
问题PKIX path building failed unable to find valid certification path to requested target分析
gongjin28_csdn的博客
05-08 1287
解决这一问题的核心在于确保Java环境能够信任目标服务器的证书,要么通过确保证书链的有效性和完整性,要么通过手动将所需证书添加到Java的信任存储中。对于生产环境,强烈建议遵循最佳实践,使用权威CA签发的证书,并保持Java环境的安全更新。
tomcat5.5.20 cas-PKIX path building failed:异常解决
elvis
04-19 5269
在配置cas的过程中遇到如下错误:配置过程参见文章 www.ibm.com/developerworks/cn/opensource/os-cn-cas/   javax.net.ssl.SSLHandshakeExceptionsun.security.validator.ValidatorExceptionPKIpath building failedsun.sec
https 常见问题PKIX path building failed
sonycong的专栏
05-17 2480
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targat
Java:PKIX path building failed: SunCertPathBuilderException解决方法汇总
netyeaxi的专栏
09-15 3673
PKIX path building failed: SunCertPathBuilderException解决方法汇总
解决PKIX path building failed
weixin_34234823的博客
06-01 1044
2019独角兽企业重金招聘Python工程师标准>>> ...
https请求报错 PKIX path building failed 解决方法
抽象画家的博客
03-24 1880
https请求报错 PKIX path building failed 解决方法
Jenkins在linux报错:PKIX path building failed: sun.security.provid...
悦上心灵的博客
01-20 4318
Jenkins在linux报错:PKIX path building failed: sun.security.provid..
java如何解决PKIX path building failed
03-29
PKIX path building failed是Java中的一个常见错误,它通常表示在建立PKIX路径时出现了问题PKIX(Public Key Infrastructure X.509)是一种用于验证和建立数字证书链的标准协议。 要解决PKIX path building failed错误,可以尝试以下几种方法: 1. 检查证书链:首先,确保你的证书链是完整和正确的。检查证书是否过期、是否被吊销或是否存在其他问题。可以使用Java的keytool工具来检查证书。 2. 更新证书库:如果你的Java环境中的证书库已过时或缺少必要的根证书,可以尝试更新证书库。可以从可信任的证书颁发机构(CA)获取最新的根证书,并将其添加到Java的证书库中。 3. 禁用证书验证:在某些情况下,你可能希望暂时禁用证书验证以解决问题。但请注意,这会降低安全性。可以通过设置SSLContext来禁用证书验证,例如: ``` SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) {} public void checkServerTrusted(X509Certificate[] chain, String authType) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, new SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); ``` 请注意,禁用证书验证可能会导致安全风险,请在仔细评估后使用。 4. 检查网络连接:有时,PKIX path building failed错误可能是由于网络连接问题引起的。确保你的网络连接正常,并且可以访问远程服务器。
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值