配置Java SSL 访问网站证书

最近在开发 Java 访问 Azure ServiceBus 时遇到SSL证书问题,导致JAVA报错,不能正常访问,报错信息如下:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

解决方法:配置要访问网站的域名证书,并导入的服务器jdk环境中

  1. https://github.com/escline/InstallCert下载InstallCert.java
  2. 编译javac InstallCert.java
  3. 运行InstallCert,参数是你调用的网址(Azure事件中心的地址),如果是80端口可以省略port
java InstallCert [host]:[port]

例:java InstallCert abc.com:443

  运行后会列出证书让你选择,输入1回车,最后会在当前目录生成一个jssecacerts文件。

1. 导出证书文件

1)     使用CMD命令进入jssecacerts文件所在目录

2)     运行以下命令,导出证书文件:

keytool -exportcert -alias [host]-1 -keystore jssecacerts -storepass changeit -file [host].cer

例:keytool -exportcert -alias www.abc.com-1 -keystore jssecacerts -storepass changeit -file www.abc.com.cer

将证书文件导入系统keystore

keytool -importcert -alias [host] -keystore [path to system keystore] -storepass changeit -file [host].cer

例:keytool -importcert -alias www.abc.com -keystore "C:\Program Files\Java\jre1.8.0_111\lib\security\cacerts" -storepass changeit -file www.abc.com.cer

 

# Example:
java InstallCert woot.com:443

    Loading KeyStore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts...
    Opening connection to woot.com:443...
    Starting SSL handshake...

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    <...>

    Server sent 1 certificate(s):

     1 Subject O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
       Issuer  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
       sha1    4b 46 ca 6b 83 05 b3 51 ff c6 e7 9c fd b3 9b e3 3f 2e c4 53 
       md5     e8 a5 88 1b d5 67 bb fc 88 cc b1 c5 2b ac c4 7d 

    Enter certificate to add to trusted keystore or 'q' to quit: [1]

[enter]

    [
    [
      Version: V3
      Subject: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    <...>

    Added certificate to keystore 'jssecacerts' using alias 'woot.com-1'

keytool -exportcert -alias woot.com-1 -keystore jssecacerts -storepass changeit -file woot.com.cer

    Certificate stored in file <woot.com.cer>
  
(sudo) keytool -importcert -alias woot.com -keystore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts -storepass changeit -file woot.com.cer

    Owner: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
    Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  
    <...>
  
    Trust this certificate? [no]:
  
yes

    Certificate was added to keystore

  

参考网址:https://github.com/escline/InstallCert

 

转载于:https://www.cnblogs.com/wanghaixing/p/6229789.html

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值