一、背景
Azure作为微软的公有云平台,提供了非常丰富的SDK和API让开发人员可以非常方便的调用的各项服务。公司业务需要,我们需要访问Azure上注册的应用程序,需要访问https地址
https://login.microsoftonline.com/your-tenant-id 。
二、错误信息
简短报错信息:javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:1.8.0_332]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[na:1.8.0_332]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[na:1.8.0_332]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[na:1.8.0_332]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[na:1.8.0_332]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[na:1.8.0_332]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[na:1.8.0_332]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[na:1.8.0_332]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:1.8.0_332]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:1.8.0_332]
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) ~[na:1.8.0_332]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) ~[na:1.8.0_332]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1397) ~[na:1.8.0_332]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1305) ~[na:1.8.0_332]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) ~[na:1.8.0_332]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[na:1.8.0_332]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197) ~[na:1.8.0_332]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1572) ~[na:1.8.0_332]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500) ~[na:1.8.0_332]
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[na:1.8.0_332]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352) ~[na:1.8.0_332]
at com.microsoft.aad.msal4j.DefaultHttpClient.readResponseFromConnection(DefaultHttpClient.java:105) ~[msal4j-1.13.0.jar!/:1.13.0]
at com.microsoft.aad.msal4j.DefaultHttpClient.executeHttpGet(DefaultHttpClient.java:47) ~[msal4j-1.13.0.jar!/:1.13.0]
at com.microsoft.aad.msal4j.DefaultHttpClient.send(DefaultHttpClient.java:35) ~[msal4j-1.13.0.jar!/:1.13.0]
at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequestWithRetries(HttpHelper.java:96) ~[msal4j-1.13.0.jar!/:1.13.0]
at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequest(HttpHelper.java:49) ~[msal4j-1.13.0.jar!/:1.13.0]
... 16 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456) ~[na:1.8.0_332]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) ~[na:1.8.0_332]
at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_332]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315) ~[na:1.8.0_332]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223) ~[na:1.8.0_332]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:1.8.0_332]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ~[na:1.8.0_332]
... 37 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_332]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_332]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_332]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451) ~[na:1.8.0_332]
... 43 common frames omitted
2022-08-16 17:26:53.542 ERROR 3480 --- [ scheduling-1] c.xx.xx.service.impl.XXServiceImpl : get new EWS Token With Certificate error : java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalClientException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
三、问题原因和解决思路
Java的keystore当中没有该网站https证书。需要手动使用keytool命令导入到jre里面。当然我们也可以使用Java的TrustManager忽略所有的SSL请求的证书(不推荐用于生产环境)。本次我们是直接导入对应的证书到jre里面来解决问题。
四、获取网站的证书
1.谷歌浏览器直接访问 https://login.microsoftonline.com/
快捷键F12进入开发者模式。进入security安全菜单下,可以看到显示“This page is secure (valid HTTPS)”,点击“view certificate ”
在证书界面,我们可以将证书复制到以便查看。
直接下一步,导出格式选择base64编码。
设置证书路径和文件名,点击完成即可。最终格式的.cer文件。
五、导入证书
将证书放在某个位置,建议放在C盘cert文件。
管理员运行控制台
先进入到Java的bin文件夹,我这里是
cd C:\Program Files\Java\jdk1.8.0_192\bin
执行下面的命令导入指定证书(需要根据自己的实际修改)
keytool -import -alias login.microsoftonline.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -file c:\cert\login.microsoftonline.com.cer
-alias 后面是别名
-keystore 后面是keystore路径
-file 后面是刚刚导出的证书文件路径
安装证书与查看证书默认密码是changeit
六、查看证书
# 查看所有证书文章来源:https://www.toymoban.com/news/detail-457036.html
keytool -list -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"
# 查看指定名字的证书文章来源地址https://www.toymoban.com/news/detail-457036.html
keytool -list -v -alias login.microsoftonline.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -storepass changeit
到了这里,关于Java调用Azure证书错误javax.net.ssl.SSLHandshakeException的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!