ldaps证书失效解决方案
当时遇到的问题,报错信息如下:
javax.naming.CommunicationException: simple bind failed: itldap56.htldap.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:694)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at com.cds.sa.logic.sso.service.impl.LdapServiceImpl.updatePassword(LdapServiceImpl.java:85)
at com.cds.sa.DemoControllerTest.test(DemoControllerTest.java:73)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:74)
at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:84)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)
at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:221)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:54)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:370)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:457)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:200)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1290)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1199)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)
at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:819)
at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:75)
at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1104)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:450)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:423)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
… 44 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)
… 63 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
… 69 more
com.cds.kernel.model.exception.BusinessException: javax.naming.CommunicationException: simple bind failed: itldap56.htldap.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2023-04-11 18:07:15 10.131.72.209 | INFO | SpringContextShutdownHook | com.zaxxer.hikari.HikariDataSource | HikariPool-1 - Shutdown initiated…
2023-04-11 18:07:15 10.131.72.209 | INFO | SpringContextShutdownHook | com.zaxxer.hikari.HikariDataSource | HikariPool-1 - Shutdown completed.
2023-04-11 18:07:15 10.131.72.209 | INFO | NettyClientSelector_1 | RocketmqRemoting | closeChannel: close the connection to remote address[172.30.1.60:30921] result: true
Process finished with exit code -1
解决方案如下(报错中的 PKIX path building failed 表示 JVM 的信任库 cacerts 中找不到能够验证该 LDAP 服务器证书的受信任证书):
- 第一步:需要重新生成证书
- 第二步:重新导入证书
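keytool -import -file ldap56-11-BASE64.cer -keystore /usr/local/java/jdk1.8.0_181/jre/lib/security/cacerts -alias qqldap
(其中 qqldap 是证书别名,可自行指定。导入前建议先用 keytool -printcert -file ldap56-11-BASE64.cer 查看证书指纹,并与 LDAP 服务器管理员核对;证书一旦导入 cacerts,使用该 JDK 默认信任库的所有 TLS 连接都会信任它。)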
查看是否导入:
keytool -list -keystore /usr/local/java/jdk1.8.0_181/jre/lib/security/cacerts | grep qq
- 第三步:重启后端应用(已在运行的 JVM 不会重新加载 cacerts,重启后新导入的证书才会生效)