javax.net.ssl.SSLHandshakeException:PKIX path building failed解决方法的代码

最新推荐文章于 2024-05-06 10:18:49 发布
最新推荐文章于 2024-05-06 10:18:49 发布
阅读量5.5k 收藏
点赞数
分类专栏: java 文章标签: ssl 证书错误

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InstallCert {

public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
    String[] c = args[0].split(":");
    host = c[0];
    port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
    String p = (args.length == 1) ? "changeit" : args[1];
    passphrase = p.toCharArray();
} else {
    System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
    return;
}

File file = new File("jssecacerts");
if (file.isFile() == false) {
    char SEP = File.separatorChar;
    File dir = new File(System.getProperty("java.home") + SEP
        + "lib" + SEP + "security");
    file = new File(dir, "jssecacerts");
    if (file.isFile() == false) {
    file = new File(dir, "cacerts");
    }
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();

SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf =
    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] {tm}, null);
SSLSocketFactory factory = context.getSocketFactory();

System.out.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
    System.out.println("Starting SSL handshake...");
    socket.startHandshake();
    socket.close();
    System.out.println();
    System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
    System.out.println();
    e.printStackTrace(System.out);
}

X509Certificate[] chain = tm.chain;
if (chain == null) {
    System.out.println("Could not obtain server certificate chain");
    return;
}

BufferedReader reader =
    new BufferedReader(new InputStreamReader(System.in));

System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
    X509Certificate cert = chain[i];
    System.out.println
        (" " + (i + 1) + " Subject " + cert.getSubjectDN());
    System.out.println("   Issuer  " + cert.getIssuerDN());
    sha1.update(cert.getEncoded());
    System.out.println("   sha1    " + toHexString(sha1.digest()));
    md5.update(cert.getEncoded());
    System.out.println("   md5     " + toHexString(md5.digest()));
    System.out.println();
}

System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
    k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
    System.out.println("KeyStore not changed");
    return;
}

X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);

OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();

System.out.println();
System.out.println(cert);
System.out.println();
System.out.println
    ("Added certificate to keystore 'jssecacerts' using alias '"
    + alias + "'");
}

private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
    b &= 0xff;
    sb.append(HEXDIGITS[b >> 4]);
    sb.append(HEXDIGITS[b & 15]);
    sb.append(' ');
}
return sb.toString();
}

private static class SavingTrustManager implements X509TrustManager {

    private final X509TrustManager tm;
    private X509Certificate[] chain;

    SavingTrustManager(X509TrustManager tm) {
        this.tm = tm;
    }

    public X509Certificate[] getAcceptedIssuers() {
        throw new UnsupportedOperationException();
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw new UnsupportedOperationException();
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        this.chain = chain;
        tm.checkServerTrusted(chain, authType);
    }
    }

}
lovme_huan
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
解决Exception in thread “main“ javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.sec
user123name的博客
11-26 4477
访问一个接口,通过postman可以调用但是使用HttpClient无法访问报错误Exception in thread “main” javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at
java https 报错,Java中https请求报错,信任所有ssl证书解决javax.net.ssl.SSLHandshakeException: PKIX path building fai...
weixin_39892447的博客
03-19 1474
Java 信任所有SSL证书,HTTPS请求抛错,忽略证书请求完美解决解决方案:在openConnection之前调用该utilutil代码package com.warren.util;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net....
解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin
热门推荐
weixin_43496689的博客
05-17 1万+
PS:后来对windows和mac下java访问https也做了测试,发现mac上的jdk缺省不带startssl ca证书所以能访问通过,而加上startssl ca证书后同android一样访问不通过。JAVA证书库里已经带了startssl ca证书,而nginx默认不带startssl ca证书,这样JAVA端访问nginx为容器的https url校验就会失败,jetty默认带startssl ca证书,所以正常。最后一行就是jdk的安装路径。
解决javax.net.ssl.SSLHandshakeException: SSL握手异常的解决方法,亲测有效,嘿嘿嘿!!!
最新发布
PythonAigc的博客
05-06 2397
`javax.net.ssl.SSLHandshakeException: SSL握手异常` 通常表示在尝试建立安全套接字连接(SSL/TLS 握手)时出现了问题。这个问题可能由多种原因引起,包括但不限于证书问题、协议不匹配、加密算法不支持等。以下是对这个异常的分析、报错原因、解决思路、解决方法以及代码示例。 ### 问题分析 SSL握手是建立安全通信的过程,它涉及到客户端和服务器之间的多个步骤,包括证书交换、加密算法协商等。如果在这个过程中任何一个步骤出现问题,都可能导致SSL握手失败,并抛出`SSL
解决SSLHandshakeExceptionPKIX path building failed
chengxuyuanruhua的博客
08-20 4038
加了证书之后,调用https的请求,不受信任,就会报如下错误信息: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building f
baidu_41909845的博客
03-30 2686
这是SSL证书请求问题。
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法总结
08-25
主要介绍了javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法,有需要的朋友们可以学习下。
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
03-05
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
javax.net.ssl.SSLHandshakeException: sun.security.validator 问题解决,与环境有关
04-03
Java编程中,`javax.net.ssl.SSLHandshakeException` 是一个常见的错误,通常发生在进行安全套接层(SSL)或传输层安全(TLS)协议握手时出现问题。这个异常通常是由于客户端和服务器之间的证书不匹配、信任锚点...
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
03-02
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX 路径构建失败
agoin__的博客
11-21 4291
处理javax.net.ssl.SSLHandshakeExceptionSSL 握手失败问题
【keytool】How to solve javax.net.ssl.SSLHandshakeException Error?
michaelwoshi的博客
03-20 232
一、背景 环境中一个java微服务功能异常,看日志报错: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested ta.
Java 解决PKIX path building failed问题(信任所有证书)
qq_36138652的博客
11-08 5982
解决PKIX path building failed
踩坑日志:解决Java在请求某些不受信任的https网站时会报:PKIX path building failed
m0_61959706的博客
08-12 459
可是我内网穿透和服务器地址都用的http,怎么还会有这个异常呢,而且我还用HttpCilentUitl进行访问转换过。大概意思是知道,是因为jdk对不存在信任的网站进行https访问时,就会报出该异常。保存到C:\java-se-8u41-ri\jre\lib\security。3、重启服务再次访问,完美解决。不过,今天的头发也掉完了。...
备忘:javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
cnfixit的专栏
07-01 6711
发送GET请求出现异常!javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found 可能需要将签署者添加至本地信任库。可以使用管理控制台的端口选项中的“检索”来检索证书解决问题。 如果您确定请求可信,请完成下列步骤: 1. 登录管理控制台。 2. 展开“安全性”并单
ssl证书绑定windows服务器端口及SSL配置命令详解
pulledup的博客
05-11 6242
ssl证书绑定windows服务器端口及SSL配置命令详解 第一部分 多层应用服务器中SSL的服务器配置 一、首先,你的 服务器的防火墙 或云服务器的安全配置要哦放通下面你想配置的端口 我配置的端口为: http: 8085 https: 8086二、其次:你申请了SSL证书(可到腾讯云或阿里云申请单域名的免费版) 三、在服务器安装SSL证书 四、配置绑定SSL端口映射1、查看当前SSL端口配置: netsh http show sslcert 2、绑定当前SSL到指定端口: netsh ..
解决Java调用Azure SDK证书错误javax.net.ssl.SSLHandshakeException
weixin_30460489的博客
12-05 1160
Azure作为微软的公有云平台,提供了非常丰富的SDK和API让开发人员可以非常方便的调用的各项服务,目前除了自家的.NET, Java, Python, nodeJS, Ruby,PHP等语言都提供支持,详细的文档说明请参考: https://azure.microsoft.com/en-us/documentation/ 然而在使用过程中,以Java语言为例,在初始调用Azure SDK...
javax.net.ssl.SSLHandshakeException: PKIX path building failed: SunCertPathBuilderException
04-27
javax.net.ssl.SSLHandshakeException: PKIX path building failed: SunCertPathBuilderExceptionJava程序中常见的一个异常,通常出现在使用HTTPS协议进行网络请求时。 这个异常表示在SSL握手期间出现了问题,...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值