Java调用Azure证书错误javax.net.ssl.SSLHandshakeException-Toy模板网

这篇具有很好参考价值的文章主要介绍了Java调用Azure证书错误javax.net.ssl.SSLHandshakeException。希望对大家有所帮助。如果存在错误或未考虑完全的地方，请大家不吝赐教，您也可以点击"举报违法"按钮提交疑问。

一、背景

Azure作为微软的公有云平台，提供了非常丰富的SDK和API让开发人员可以非常方便的调用的各项服务。公司业务需要，我们需要访问Azure上注册的应用程序，需要访问https地址

https://login.microsoftonline.com/your-tenant-id 。

二、错误信息

简短报错信息：javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:1.8.0_332]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[na:1.8.0_332]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[na:1.8.0_332]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[na:1.8.0_332]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[na:1.8.0_332]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[na:1.8.0_332]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[na:1.8.0_332]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[na:1.8.0_332]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:1.8.0_332]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:1.8.0_332]
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) ~[na:1.8.0_332]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) ~[na:1.8.0_332]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1397) ~[na:1.8.0_332]
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1305) ~[na:1.8.0_332]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) ~[na:1.8.0_332]
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[na:1.8.0_332]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197) ~[na:1.8.0_332]
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1572) ~[na:1.8.0_332]
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500) ~[na:1.8.0_332]
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[na:1.8.0_332]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352) ~[na:1.8.0_332]
        at com.microsoft.aad.msal4j.DefaultHttpClient.readResponseFromConnection(DefaultHttpClient.java:105) ~[msal4j-1.13.0.jar!/:1.13.0]
        at com.microsoft.aad.msal4j.DefaultHttpClient.executeHttpGet(DefaultHttpClient.java:47) ~[msal4j-1.13.0.jar!/:1.13.0]
        at com.microsoft.aad.msal4j.DefaultHttpClient.send(DefaultHttpClient.java:35) ~[msal4j-1.13.0.jar!/:1.13.0]
        at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequestWithRetries(HttpHelper.java:96) ~[msal4j-1.13.0.jar!/:1.13.0]
        at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequest(HttpHelper.java:49) ~[msal4j-1.13.0.jar!/:1.13.0]
        ... 16 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456) ~[na:1.8.0_332]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) ~[na:1.8.0_332]
        at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_332]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315) ~[na:1.8.0_332]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223) ~[na:1.8.0_332]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:1.8.0_332]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ~[na:1.8.0_332]
        ... 37 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_332]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_332]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_332]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451) ~[na:1.8.0_332]
        ... 43 common frames omitted

2022-08-16 17:26:53.542 ERROR 3480 --- [   scheduling-1] c.xx.xx.service.impl.XXServiceImpl  : get new EWS Token With Certificate error : java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalClientException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

三、问题原因和解决思路

Java的keystore当中没有该网站https证书。需要手动使用keytool命令导入到jre里面。当然我们也可以使用Java的TrustManager忽略所有的SSL请求的证书(不推荐用于生产环境)。本次我们是直接导入对应的证书到jre里面来解决问题。

四、获取网站的证书

1.谷歌浏览器直接访问 https://login.microsoftonline.com/

快捷键F12进入开发者模式。进入security安全菜单下，可以看到显示“This page is secure (valid HTTPS)”，点击“view certificate ”

Java调用Azure证书错误javax.net.ssl.SSLHandshakeException

在证书界面，我们可以将证书复制到以便查看。

Java调用Azure证书错误javax.net.ssl.SSLHandshakeException

直接下一步，导出格式选择base64编码。

Java调用Azure证书错误javax.net.ssl.SSLHandshakeException

设置证书路径和文件名，点击完成即可。最终格式的.cer文件。

五、导入证书

将证书放在某个位置，建议放在C盘cert文件。

管理员运行控制台

先进入到Java的bin文件夹，我这里是

cd C:\Program Files\Java\jdk1.8.0_192\bin

执行下面的命令导入指定证书(需要根据自己的实际修改)

keytool -import -alias login.microsoftonline.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -file c:\cert\login.microsoftonline.com.cer

-alias 后面是别名

-keystore 后面是keystore路径

-file 后面是刚刚导出的证书文件路径

安装证书与查看证书默认密码是changeit

六、查看证书

# 查看所有证书

keytool -list -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"

# 查看指定名字的证书文章来源地址https://www.toymoban.com/news/detail-457036.html

keytool -list -v -alias login.microsoftonline.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -storepass changeit

到了这里，关于Java调用Azure证书错误javax.net.ssl.SSLHandshakeException的文章就介绍完了。如果您还想了解更多内容，请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章，希望大家以后多多支持TOY模板网！

Java调用Azure证书错误javax.net.ssl.SSLHandshakeException

一、背景

二、错误信息

三、问题原因和解决思路

四、获取网站的证书

五、导入证书

六、查看证书

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏

支付宝扫一扫领取红包，优惠每天领

二维码1

二维码2