解决PKIX:unable to find valid certification path to requested target 的问题

最新推荐文章于 2024-05-31 17:13:46 发布
最新推荐文章于 2024-05-31 17:13:46 发布
阅读量783 收藏 1
点赞数
分类专栏: Java Spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_24393347/article/details/103172355
版权
背景

在导入spring源码时出现如下错误:

   > Could not resolve org.springframework.build.gradle:propdeps-plugin:0.0.7.
      > Could not get resource 'https://repo.spring.io/plugins-release/org/springframework/build/gradle/propdeps-plugin/0.0.7/propdeps-plugin-0.0.7.pom'.
         > Could not GET 'https://repo.spring.io/plugins-release/org/springframework/build/gradle/propdeps-plugin/0.0.7/propdeps-plugin-0.0.7.pom'.
            > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   > Could not resolve org.springframework.build.gradle:propdeps-plugin:0.0.7.
      > Could not get resource 'https://plugins.gradle.org/m2/org/springframework/build/gradle/propdeps-plugin/0.0.7/propdeps-plugin-0.0.7.pom'.
         > Could not GET 'https://plugins.gradle.org/m2/org/springframework/build/gradle/propdeps-plugin/0.0.7/propdeps-plugin-0.0.7.pom'.
            > Remote host closed connection during handshake
> Could not resolve io.spring.gradle:docbook-reference-plugin:0.3.1.
  Required by:
      :spring:4.3.22.RELEASE
   > Could not resolve io.spring.gradle:docbook-reference-plugin:0.3.1.
      > Could not get resource 'https://repo.spring.io/plugins-release/io/spring/gradle/docbook-reference-plugin/0.3.1/docbook-reference-plugin-0.3.1.pom'.
         > Could not GET 'https://repo.spring.io/plugins-release/io/spring/gradle/docbook-reference-plugin/0.3.1/docbook-reference-plugin-0.3.1.pom'.
            > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   > Could not resolve io.spring.gradle:docbook-reference-plugin:0.3.1.
      > Could not get resource 'https://plugins.gradle.org/m2/io/spring/gradle/docbook-reference-plugin/0.3.1/docbook-reference-plugin-0.3.1.pom'.
         > Could not GET 'https://plugins.gradle.org/m2/io/spring/gradle/docbook-reference-plugin/0.3.1/docbook-reference-plugin-0.3.1.pom'.
            > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Could not resolve org.codehaus.sonar.runner:sonar-runner-api:2.4.
  Required by:
原因

缺少安全证书时出现的异常。Java在访问SSL加密的网站时,需要从JDK的KeyStore 里面去查找相对应得可信证书,如果不能从默认或者指定的KeyStore 中找到可信证书,就会报这个错误。另外,Java所使用的证书仓库并不是Windows系统自带的证书管理。所以即使系统中包含此证书也不可以使用。

解决办法
package com.zxp;

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out
                    .println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib"
                    + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf
                .getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out
                .println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(
                System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject "
                    + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out
                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out
                .println("Added certificate to keystore 'jssecacerts' using alias '"
                        + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }

}

在idea 新建上面的类,设置运行参数
在这里插入图片描述
运行 ,console出现如下提示信息,输出 1
在这里插入图片描述
会在目录下生成文件 jssecacerts
在这里插入图片描述
将证书文件拷贝到$JAVA_HOME/jre/lib/security目录下

章锡平
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
解决PKIX path building failed问题
03-17
NULL 博文链接:https://mengyang.iteye.com/blog/575671
SSL.7z,解决PKIX path building failed问题
03-10
PKIX path building failed问题解决本地环境中报错 PKIX path building failed问题。 其中有产生证书的代码,将运行产生的证书放在文档中指定位置即可
验证证书unable to find valid certification path to requested target
05-07
分析: 当在Java中使用URL.openConnection().connect()方法进行HTTPS请求时,如果遇到PKIX path building failed异常,通常意味着Java运行环境在验证服务器证书链时遇到了问题。具体错误信息sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target指出Java虚拟机(JVM)无法找到一个可信的路径来验证服务器提供的SSL/TLS证书。 这个问题的根本原因是Java的信任存储(通常是JKS格式的证书库,默认位于$JAVA_HOME/lib/security/cacerts文件中)中没有包含服务器证书的根CA证书,或者服务器证书本身不是由受信任的CA签发,或者证书链不完整。 解决: 参考资源中《验证证书unable to find valid certification path to requested target问题解决.txt》
Maven:unable to find valid certification path to requested
2302_77302329的博客
05-31 1006
保存为der文件(这个扩展名没有影响,crt或者什么都没关系)下载文件的时候,因为缺少网站的HTTPS证书,导致无法连接。证书指纹(证书密钥):changeit。点击地址栏左边的图标——连接是安全的。在配置了Java环境变量的情况下。打开无法连接的网站,比如。IDEA的maven从。
关于IDEA2020.1新建项目maven PKIX 报错问题解决方法
08-19
主要介绍了关于IDEA2020.1新建项目maven PKIX 报错问题解决方法,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
unable to find valid certification path to requested target问题
08-05
NULL 博文链接:https://hyl198611.iteye.com/blog/1988113
解决 PKIX:unable to find valid certification path to requested target 问题
浮华一世南柯一梦
08-09 1023
首先感谢博主提供的代码!下面我仅记录下实现细节 新建InstallCert.java文件 上传至linux 编译InstallCert.java文件javac -Djava.ext.dirs=目录 *.java 执行java InstallCert www.xxx.com 输入1,回车,然后会在当前的目录下产生一个名为“ jssecacerts”的证书。 通过 echo $JAVA_HOME 找到目录,把生成的jssecacerts文件移动到该目录下 重启jar包 下面是InstallCert.ja.
解决unable to find valid certification path to requested target
热门推荐
weixin_44519124的博客
08-25 5万+
问题 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 出现原因 这个问题的根本原因是你安装JDK时,Java\jar 1.8.0_141\lib\ext\里面缺少了一个安全凭证js
PKIX SunCertPathBuilderException: unable to find valid certification path to requested target
大伟的博客
02-15 3901
当java客户端请求实现https协议的服务时,出现异常:’unable to find valid certification path to requested target’ 是因为服务期端的证书没有被认证,需要做的是把服务端证书导入到java keystore。 证书识别 import javax.net.ssl.*; import java.io.*; import java.security.KeyStore; import java.security.MessageDigest; imp
SunCertPathBuilderException: unable to find valid certification path to requested target
t0m的专栏
02-01 2082
背景: 使用HttpClient4.5发送post请求,对方需要使用证书,需要本地安装证书,之后本地正常请求https,部署到centos后,安装证书,发送http请求报错: SunCertPathBuilderException: unable to find valid certification path to requested target 证书安装: keytool -import -v -trustcacerts -alias spdbuat -file spdbuat.cer -
PKIX path building failed解决java获取https的时遇到的证书问题
最新发布
07-02
unable to find valid certification path to requested target ``` 这个错误表明Java在尝试建立SSL/TLS连接时无法验证服务器提供的证书。这通常是由于缺少正确的中间证书或根证书,或者这些证书没有正确安装在Java...
InstallCert.java工具及使用方法.zip
07-29
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
解决PKIX path building failed问题的AbstractCasProtocolUrlBasedTicketValidator类
04-28
CAS默认走https,需要安装证书,但是自定义的证书貌似得不到信任,报PKIX path building failed。则可以修改源码来屏蔽错误。
Trusted Path Debugger:用于 PKIX 路径构建的 Java 调试器失败错误-开源
07-12
在 Java 中,在进行 HTTPS 连接时,人们通常会遇到以下异常堆栈跟踪: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider....
PKIX path building failed
12-07
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
解决使用RestTemplate时 PKIX:unable to find valid certification path to requested target
longqiyuye925的博客
09-12 939
解决使用RestTemplate时 PKIX:unable to find valid certification path to requested target @SpringBootApplication public class BeanConfig { @Bean public RestTemplate myRestTemplate() { return new RestTemplate(simpleClientHttpRequestFactory());
【已解决】Https请求报错:unable to find valid certification path to requested target
weixin_41891385的博客
03-06 2万+
SSL认证失败: 报错信息如下: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 问题发现环境: Java中使
解决PKIX:unable to find valid certification path to requested target问题(数字证书问题
gouzhengju1454的博客
08-08 580
解决PKIX:unable to find valid certification path to requested target问题 根据错误消息看,貌似是找不到数字证书。可奇怪的是数字证书我已经导入了啊,为何还出现这样的情况了。可能的原因: 一、公钥是否正确?是否是网站出来的公钥? 如果访问百度、阿里云、腾讯云等互联网巨头的网站你会发现,他们的网站URL已经清一色变成HTTPS,不再是HTTP了。 使用HTTPS的原因很简单,已经HTTPS是加密传输的,而HTTP是明文传输的,
HttpRequest为什么不会报PKIX:unable to find valid certification path to requested target
09-13
根据引用和[2],当在进行HTTPS请求时,如果服务器的证书无法通过Java的信任库验证,就会出现"PKIX: unable to find valid certification path to requested target"的错误。这个错误通常发生在以下情况下: 1. 服务器的证书是自签名的或使用未知的证书颁发机构签名的。 2. 信任库中缺少服务器证书的根证书或中间证书。 3. 信任库中的证书已过期或被撤销。 根据引用,在Java中,这个错误会由SunCertPathBuilderException引发。这个异常表示无法构建一个有效的证书路径来验证服务器的证书。 因此,当HttpRequest报"PKIX: unable to find valid certification path to requested target"错误时,通常是由于服务器证书无法在Java的信任库中找到或验证的原因导致的。解决这个问题的方法有以下几种: 1. 添加服务器证书到Java的信任库中:可以使用keytool命令将服务器证书导入到Java信任库中。首先,获取服务器证书,然后使用keytool命令将该证书导入到Java信任库中。具体步骤如下: - 获取服务器证书:可以使用浏览器访问服务器的HTTPS站点并导出证书。 - 使用keytool命令将证书导入到Java信任库中:运行以下命令,将路径替换为你的证书路径和别名替换为你喜欢的别名。 ``` keytool -import -alias <alias> -file <path_to_certificate> -keystore <path_to_keystore> ``` - 确保keytool命令使用的是正确的Java信任库,默认情况下,Java信任库位于$JAVA_HOME/lib/security/cacerts。 2. 使用自定义信任管理器:可以编写自定义的X509TrustManager来验证服务器证书。首先,创建一个实现X509TrustManager接口的类,然后在该类中实现验证逻辑。最后,将该自定义信任管理器设置为HttpClient或HttpURLConnection的信任管理器。这样就可以绕过Java信任库的验证,但需要注意安全风险。 3. 禁用证书验证:虽然不推荐,但可以通过禁用证书验证来解决问题。这个方法会使请求不再验证服务器的证书,但会增加安全风险。具体实现方法因使用的HTTP库而异。 总之,"PKIX: unable to find valid certification path to requested target"错误通常是由于服务器证书无法在Java的信任库中找到或验证的原因导致的。可以通过将服务器证书导入到Java信任库中、使用自定义信任管理器或禁用证书验证来解决这个问题
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值