Java 信任所有SSL证书(解决PKIX path building failed问题)

最新推荐文章于 2024-05-16 21:54:23 发布
最新推荐文章于 2024-05-16 21:54:23 发布
阅读量5.6w 收藏 30
点赞数 6
分类专栏: java

http://javaweb.org/?p=1237



Java在请求某些不受信任的https网站时会报:PKIX path building failed

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.ssl.Alerts.getSSLException(Alerts.java: 192 )
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java: 1884 )
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java: 276 )
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java: 270 )
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 1341 )
     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java: 153 )
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java: 868 )
     at sun.security.ssl.Handshaker.process_record(Handshaker.java: 804 )
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 1016 )
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 1312 )
     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1339 )
     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1323 )
     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 563 )
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java: 185 )
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java: 1300 )
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java: 254 )
     at SslTest.getRequest(SslTest.java: 16 )
     at SslTest.main(SslTest.java: 40 )
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 385 )
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java: 230 )
     at sun.security.validator.Validator.validate(Validator.java: 260 )
     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java: 326 )
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java: 231 )
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: 126 )
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 1323 )
     ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java: 196 )
     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java: 268 )
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 380 )
     ... 19 more

解决办法:

1、导入证书到本地证书库

2、信任所有SSL证书

最好的解决办法或许是信任所有SSL证书,因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法,在连接openConnection的时候忽略掉证书就行了。

1
SslUtils.ignoreSsl();
SslUtils.java 


package com.emchat.example.httpclient.utils;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SslUtils {private static void trustAllHttpsCertificates() throws Exception {
    TrustManager[] trustAllCerts = new TrustManager[1];
    TrustManager tm = new miTM();
    trustAllCerts[0] = tm;
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, null);
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}

static class miTM implements TrustManager,X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public boolean isServerTrusted(X509Certificate[] certs) {
        return true;
    }

    public boolean isClientTrusted(X509Certificate[] certs) {
        return true;
    }

    public void checkServerTrusted(X509Certificate[] certs, String authType)
            throws CertificateException {
        return;
    }

    public void checkClientTrusted(X509Certificate[] certs, String authType)
            throws CertificateException {
        return;
    }
}
 
/**
 * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
 * @throws Exception
 */
public static void ignoreSsl() throws Exception{
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
            return true;
        }
    };
    trustAllHttpsCertificates();
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
}

}



SslTest.java:


import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import org.apache.commons.io.IOUtils;
 
public class SslTest {
     
    public String getRequest(String url,int timeOut) throws Exception{
        URL u = new URL(url);
        if("https".equalsIgnoreCase(u.getProtocol())){
            SslUtils.ignoreSsl();
        }
        URLConnection conn = u.openConnection();
        conn.setConnectTimeout(timeOut);
        conn.setReadTimeout(timeOut);
        return IOUtils.toString(conn.getInputStream());
    }
     
    public String postRequest(String urlAddress,String args,int timeOut) throws Exception{
        URL url = new URL(urlAddress);
        if("https".equalsIgnoreCase(url.getProtocol())){
            SslUtils.ignoreSsl();
        }
        URLConnection u = url.openConnection();
        u.setDoInput(true);
        u.setDoOutput(true);
        u.setConnectTimeout(timeOut);
        u.setReadTimeout(timeOut);
        OutputStreamWriter osw = new OutputStreamWriter(u.getOutputStream(), "UTF-8");
        osw.write(args);
        osw.flush();
        osw.close();
        u.getOutputStream();
        return IOUtils.toString(u.getInputStream());
    }
     
    public static void main(String[] args) {
        try {
            SslTest st = new SslTest();
            String a = st.getRequest("https://xxx.com/login.action", 3000);
            System.out.println(a);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
 
}


zziamalei
关注
  • 6
    点赞
  • 30
    收藏
    觉得还不错? 一键收藏
  • 7
    评论
专栏目录
解决Exception in thread “main“ javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.sec
user123name的博客
11-26 4514
访问一个接口,通过postman可以调用但是使用HttpClient无法访问报错误。 Exception in thread “main” javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at
解决PKIX path building failed问题
03-17
标题中的“解决PKIX path building failed问题”是一个关于网络安全和证书验证的常见错误,通常出现在Java应用程序中。当一个程序尝试通过HTTPS连接到一个服务器时,如果Java信任存储(Truststore)不包含服务器...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building f
baidu_41909845的博客
03-30 2701
这是SSL证书请求问题
JAVA后端线上环境调用接口出现证书信任PKIX path building failed
qq_25568881的博客
09-21 2807
JAVA后端线上环境调用接口出现证书信任PKIX path building failed 文章目录JAVA后端线上环境调用接口出现证书信任PKIX path building failed前言一、测试验证是否无法调通目标接口二、JDK将证书导入证书库总结 前言 目前市面上,比如阿里云购买的HTTPS证书,在浏览器中是可信任证书,但是对于JAVA程序而言,可能会出现以下错误: javax.net.ssl.SSLHandshakeException: sun.security.validato
Java进阶(三)Java安全通信:HTTPS与SSL_sslcontext(1)
2401_84253894的博客
05-16 981
然后,可以根据需要客户化(自己设置)特定的属性。实际上,认证权威单位会担保它发出的认证书的真实性,如果你信任发出认证书的认证权威单位的话,你就可以相信这个认证书是有效的。自己签名的证书只是用户产生的证书,没有正式在大家所熟知的认证权威那里注册过,因此不能确保它的真实性。③客户利用服务器传过来的信息验证服务器的合法性,服务器的合法性包括:证书是否过期,发行服务器证书的CA 是否可靠,发行者证书的公钥能否正确解开服务器证书的“发行者的数字签名”,服务器证书上的域名是否和服务器的实际域名相匹配。
java信任所有证书
weixin_30387339的博客
03-21 591
package com.eeepay.cashOut.util; import java.io.BufferedReader; import java.io.DataOutputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.UnsupportedEncodi...
SSL.7z,解决PKIX path building failed问题
03-10
PKIX path building failed问题解决本地环境中报错 PKIX path building failed问题。 其中有产生证书的代码,将运行产生的证书放在文档中指定位置即可
PKIX path building failed解决java获取https的时遇到的证书问题
最新发布
07-02
java在获取https的网页时,有时候会出现如下异常:javax...PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:  unable to find valid certification path to requested target
关于IDEA2020.1新建项目maven PKIX 报错问题解决方法
08-19
这个错误的主要原因是ValidatorException:PKIX path building failed : sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target。...
验证证书unable to find valid certification path to requested target
05-07
当在Java中使用URL.openConnection().connect()方法进行HTTPS请求时,如果遇到PKIX path building failed异常,通常意味着Java运行环境在验证服务器证书链时遇到了问题。具体错误信息sun.security.provider....
jdk添加信任证书
笑语轻柔
12-07 5244
1、获取访问网址的证书.cer文件。以chrome为例 2、添加jdk信任证书 以管理员身份打开命令窗口输入以下命令: keytool -import -v -trustcacerts -alias 文件名 -file "文件完整路径" -storepass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts" 提示以下截图则成功: 3、额外补充说明   changeit 是密码, java默认。   keytoo
解决PKIX path building failed: sun.security.provider.cert path.SunCertPathBuilderException
harden_no1的博客
09-22 2154
解决PKIX path building failed: sun.security.provider.cert path.SunCertPathBuilderException
IDEA maven引入 SSL证书校验问题
qq_42332204的博客
06-03 5742
maven依赖导入问题 之前在做项目的时候就遇到了这个问题,pom文件中引入依赖时,会有如下报错: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 这是因为maven请求远程仓库进行下载依赖jar包时进行了安全证书的验证,由于本地jdk没有添加安全证书,因此在执
org.apache.http.ssl.SSLInitializationException: class configured for SSLContext: sun.security.ssl.SS
weixin_43949403的博客
12-03 3051
文章目录org.apache.http.ssl.SSLInitializationException: class configured for SSLContext: sun.security.ssl.SSLContextImpl$TLSContext not a SSLContext解决方案 org.apache.http.ssl.SSLInitializationException: class configured for SSLContext: sun.security.ssl.SSLContex
java中添加https证书解决PKIX错误
殷长庆的博客
03-30 1364
在linux中部署了一个java项目,期间用到了https调用其他项目的接口,这个https证书是自己生成的测试证书,不会被java自带的安全证书库识别,调用时会报错: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path
解决PKIX path building failed
热门推荐
gaoxiang24的博客
06-04 1万+
在调用服务方https地址接口时出现错误: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to req...
java如何解决PKIX path building failed
03-29
PKIX path building failedJava中的一个常见错误,它通常表示在建立PKIX路径时出现了问题PKIX(Public Key Infrastructure X.509)是一种用于验证和建立数字证书链的标准协议。 要解决PKIX path building ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 7
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值