邮件ssl证书

最新推荐文章于 2023-06-13 12:03:53 发布
最新推荐文章于 2023-06-13 12:03:53 发布
阅读量1.1k 收藏
点赞数
文章标签: ssl webservice string file path documentation

使用javamail发送邮件时或执行webservice的过程如出现ssl异常,如下:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

这是缺少安全证书时出现的异常,解决方案就是将你要访问的smtp或webservice的安全认证证书导入到客户端即可。以下是获取安全证书的一种方法

1,写一个程序专门获取安全证书,参考InstallCert.java:

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.*;
import java.net.URL;

import java.security.*;
import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {
 String host;
 int port;
 char[] passphrase;
 if ((args.length == 1) || (args.length == 2)) {
     String[] c = args[0].split(":");
     host = c[0];
     port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
     String p = (args.length == 1) ? "changeit" : args[1];
     passphrase = p.toCharArray();
 } else {
     System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
     return;
 }

 File file = new File("jssecacerts");
 if (file.isFile() == false) {
     char SEP = File.separatorChar;
     File dir = new File(System.getProperty("java.home") + SEP
      + "lib" + SEP + "security");
     file = new File(dir, "jssecacerts");
     if (file.isFile() == false) {
  file = new File(dir, "cacerts");
     }
 }
 System.out.println("Loading KeyStore " + file + "...");
 InputStream in = new FileInputStream(file);
 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
 ks.load(in, passphrase);
 in.close();

 SSLContext context = SSLContext.getInstance("TLS");
 TrustManagerFactory tmf =
     TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 tmf.init(ks);
 X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
 SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
 context.init(null, new TrustManager[] {tm}, null);
 SSLSocketFactory factory = context.getSocketFactory();

 System.out.println("Opening connection to " + host + ":" + port + "...");
 SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
 socket.setSoTimeout(10000);
 try {
     System.out.println("Starting SSL handshake...");
     socket.startHandshake();
     socket.close();
     System.out.println();
     System.out.println("No errors, certificate is already trusted");
 } catch (SSLException e) {
     System.out.println();
     e.printStackTrace(System.out);
 }

 X509Certificate[] chain = tm.chain;
 if (chain == null) {
     System.out.println("Could not obtain server certificate chain");
     return;
 }

 BufferedReader reader =
  new BufferedReader(new InputStreamReader(System.in));

 System.out.println();
 System.out.println("Server sent " + chain.length + " certificate(s):");
 System.out.println();
 MessageDigest sha1 = MessageDigest.getInstance("SHA1");
 MessageDigest md5 = MessageDigest.getInstance("MD5");
 for (int i = 0; i < chain.length; i++) {
     X509Certificate cert = chain[i];
     System.out.println
      (" " + (i + 1) + " Subject " + cert.getSubjectDN());
     System.out.println("   Issuer  " + cert.getIssuerDN());
     sha1.update(cert.getEncoded());
     System.out.println("   sha1    " + toHexString(sha1.digest()));
     md5.update(cert.getEncoded());
     System.out.println("   md5     " + toHexString(md5.digest()));
     System.out.println();
 }

 System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
 String line = reader.readLine().trim();
 int k;
 try {
     k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
 } catch (NumberFormatException e) {
     System.out.println("KeyStore not changed");
     return;
 }

 X509Certificate cert = chain[k];
 String alias = host + "-" + (k + 1);
 ks.setCertificateEntry(alias, cert);

 OutputStream out = new FileOutputStream("jssecacerts");
 ks.store(out, passphrase);
 out.close();

 System.out.println();
 System.out.println(cert);
 System.out.println();
 System.out.println
  ("Added certificate to keystore 'jssecacerts' using alias '"
  + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
 StringBuilder sb = new StringBuilder(bytes.length * 3);
 for (int b : bytes) {
     b &= 0xff;
     sb.append(HEXDIGITS[b >> 4]);
     sb.append(HEXDIGITS[b & 15]);
     sb.append(' ');
 }
 return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

 private final X509TrustManager tm;
 private X509Certificate[] chain;

 SavingTrustManager(X509TrustManager tm) {
     this.tm = tm;
 }

 public X509Certificate[] getAcceptedIssuers() {
     throw new UnsupportedOperationException();
 }

 public void checkClientTrusted(X509Certificate[] chain, String authType)
  throws CertificateException {
     throw new UnsupportedOperationException();
 }

 public void checkServerTrusted(X509Certificate[] chain, String authType)
  throws CertificateException {
     this.chain = chain;
     tm.checkServerTrusted(chain, authType);
 }
    }

}

2.执行 java InstallCert hostname 比如

java InstallCert smtp.xxx.com

会看到如下信息:

java InstallCert ecc.fedora.redhat.com
Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts...
Opening connection to ecc.fedora.redhat.com:443...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
 at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
 at sun.security.validator.Validator.validate(Validator.java:203)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
 at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
 at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
 ... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
 ... 13 more

Server sent 1 certificate(s):

 1 Subject CN=smtp.xxx.com, O=Neusoft, ST=Liaoning, C=CN
   Issuer  CN=Neusoft
   sha1    52 e8 3a 67 48 93 6e 93 ee 94 a6 a4 8e ab 8e 11 d7 ec 6d e8 
   md5     84 6d 28 e7 16 b1 c4 08 6c 10 c9 14 d0 2e 25 b7 


Enter certificate to add to trusted keystore or 'q' to quit: [1]

3.输入1,然后直接回车,会在相应的目录下产生一个名为‘jssecacerts’的证书。将证书copy到$JAVA_HOME/jre/lib/security或jdk相应目录下,或者通过以下方式

System.setProperty("javax.net.ssl.trustStore", "D:\\UTA\\DOC_E_Health_XML\\Keystore\\jssecacerts");


wk_ri
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
kingbase SSL证书
04-15
Kingbase SSL证书是网络安全领域中的一个重要概念,它主要用于保护网络通信的安全性,特别是在进行敏感信息交换时,如网上银行、电子商务、电子邮件等场景。SSL(Secure Socket Layer)是安全套接层的缩写,它是...
可运营的SSL证书在线生成系统源码,附带图文搭建教程
最新发布
01-12
SSL证书是网络安全领域中的一个重要组成部分,它主要用于加密网站与用户之间的通信,确保数据在传输过程中不被窃取或篡改。本系统源码提供了一种可运营的解决方案,允许用户在线申请并管理SSL证书,无需通过第三方...
电子邮件证书SSL证书协议要不要开启?
m0_61462682的博客
01-10 527
电子邮箱是目前较受欢迎的沟通软件,那么要想保证其安全的话,电子邮件证书的。电子邮箱虽然没有QQ、微信等应用广泛,不过对于部分企业来说,邮件交流还是尤备频繁的,其中就有不少不法分子就想钻空子,想从中窃取企业隐私信息,这时安装电子邮件证书,并开启邮箱SSL协议就显得很重要。为了加强网络安全保护,现在许多网站都会部署有效的SSL证书,而SSL证书就是遵守SSL协议,正如以上所说,是由受信任的CA机构颁发的数字证书,所以对于电子邮箱来说开启SSL协议也是非常有必要的。而电子邮件证书正好可以起到这样一些作用。
企业邮箱部署SSL证书
wwwwestcn的博客
01-28 3497
第一步:申请证书。申请地址。证书申请流程. 第二步:申请成功以后下载解压证书。 1.在“安全及监测”——“SSL证书服务”——“详情”中进行下载。 2.点击“下载证书”。 3.选择PEM格式,适合nginx的,然后点击下载。因为下载是rar的压缩包,因此请记住解压密码,下载后需要用密码进行解压。 4.解压后会得到两个文件,.crt的是证书文件,.key的是私钥文件。 5.使用云邮的postmaster账户登录到云邮的“邮箱管理”,找到“SSL部署”,点击“启用”。 使用记...
在Postfix邮件服务器上部署SSL证书
chasonli666的博客
04-16 1569
在Postfix邮件服务器上部署SSL证书 # 前提条件 # 如何部署 # 配置文件 # 启动SMTPS服务 # 重启Postfix服务器 # 更多信息 Postfix是一款基于sendmail改良而产生的,用于邮件传输代理(MTA)的电子邮件服务器。本文详细描述如何在Postfix邮件服务器上部署和使用SSL证书。 前提条件 确保已经获取数字证书。有关获取数字证书方法,可参阅如...
关于SSL证书开启smtps服务以及https服务
niediedie的博客
10-14 1259
最近正在学习SSL,在这里做下总结。Java自带了keytool工具可以生成SSL证书。无论是smtps还是https服务,最后都离不开将证书导入jdk\jre\security\cacerts密钥库中。SSL在我看来负责进行加密,防止黑客拦截请求,篡改数据导致损失。
java mail ssl smtp,如何使用Java Mail API验证SMTP服务器的SSL / TLS证书
weixin_34997870的博客
02-13 441
We are adding a functionality to send email through SMTP. Basically, when the user tries to add and save the SMTP server details through UI, I will need to validate the server's certificate. I could g...
windows服务器ssl证书创建、安装及配置方法
09-30
SSL证书是网络安全领域的重要组成部分,主要用于确保数据传输过程中的安全性和隐私性。Windows服务器上的SSL证书配置主要包括几个关键步骤:创建证书请求、安装中级CA证书、安装服务器证书以及配置站点绑定。下面...
K8S主机Prometheus监控ssl证书资源清单及镜像文件
01-14
本文将深入探讨如何利用Prometheus监控K8S主机上的SSL证书资源,并介绍一个名为`prometheus-ssl-exporter`的镜像文件,它有助于提取和暴露SSL证书的相关信息。 首先,理解SSL证书对于K8S的重要性至关重要。SSL...
在Serv-U中使用SSL证书增强FTP服务器安全性图文设置方法
09-30
本文将详细介绍如何在Serv-U FTP服务器上配置和使用SSL证书来增强安全性。 首先,Serv-U是一个流行的FTP服务器软件,它支持SSL加密功能,但默认情况下可能并未启用。SSL证书是确保FTP服务器与客户端之间通信安全的...
unable to find valid certification path to requested target 的问题
08-05
NULL 博文链接:https://hyl198611.iteye.com/blog/1988113
unable to find valid certification path to requested target
weixin_42612405的博客
02-15 2万+
这个错误通常表示您的计算机或服务器无法验证 SSL 证书的有效性。可能是因为您正在尝试访问的网站使用的 SSL 证书过期了,或者证书的颁发机构不被您的计算机或服务器信任。 要解决这个问题,您可以尝试以下几个步骤: 检查您的系统日期和时间是否正确,因为 SSL 证书的有效期是有限的,如果您的计算机时间不正确,可能会导致 SSL 证书验证失败。 确认您的计算机或服务器信任证书的颁发机构。您可以手动...
Maven 私服 unable to find valid certification path to requested target 错误
Hong_pro的博客
06-13 3937
unable to find valid certification path to requested target
javax.mail 邮件unable to find valid certification path to requested target
wnsh1990的博客
02-03 525
解决问题方案替换MailSSLSocketFactory为下面的类,这里用到了SSLContext.getInstance("TLSv1.2");MailSSLSocketFactory引用的为。
JavaMail发送邮件失败缺陷修复,unable to find valid certification path to requested target的bug处理
m0_46486963的博客
08-02 535
4.将刚才生成的证书jssecacerts 放置到$JAVA_HOME/jre/lib/security目录下,必须确认该JDK的jre是项目所用的JDK。参考了:https://blog.csdn.net/hithedy/article/details/104496538。发现java在访问SSL加密的网站的时,需要从JDK的KeyStore里面去查找对应的可信证书jssecacerts。注意这里没有录入用户和密码。3.输入1然后回车,然后当前目录下就会生成名为:jssecacerts 的证书。...
彻底解决unable to find valid certification path to requested target
热门推荐
程高伟
08-09 16万+
unable to find valid certification path to requested target 解决方案
解决javamail ssl 测试unable to find valid certification path to requested target
u014516601的博客
06-13 1393
运行 java InstallCert smtp.interdrp.com:465(smtp服务器地址:端口) 得到jssecacerts文件后复制到jdk1.8.0_14\jre\lib\security目录 然后再发送邮件就OK了! java代码: package reyo.sdk.utils.ca; import java.io.BufferedReader; import java...
linux smtp协议ssl证书配置发送邮件
05-23
在 Linux 系统上使用 SMTP 协议发送邮件时,可以使用 SSL/TLS 协议来加密通信,保护邮件的安全性。以下是 SSL 证书配置的步骤: 1. 安装 SSL 证书 首先需要从 SSL 证书颁发机构获取证书文件,一般是以 .crt 或 ....

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值