解决javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException

这篇具有很好参考价值的文章主要介绍了解决javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

问题现象:

Java Spring应用发送数据报如下问题。

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

原因分析:

用httpclient访问https资源时,会出现异常,与环境也有关系,有些机器请求正常。

解决方案:

1.复制附录代码到文本文件中,改名为InstallCert.java。然后在命令行中执行命令,编译InstallCert.java:

javac InstallCert.java

 2.再执行以下命令:

java InstallCert www.baidu.com

说明:网址处不需要输入(https://)信息,比如 www.baidu.com,只需域名即可。

随后服务器会返回认证的主题,发行方,加密方式等信息。

3.在这里输入1后,回车。

Enter certificate to add to trusted keystore or 'q' to quit: [1]
1

在目录下会生成文件jssecacerts,自此认证过程结束。

替换证书:

1.windows系统:将生成的jssecacerts文件复制到 jdk的相应路径下即可。

windows系统一般需要首先找到jdk安装路径

D:\Java\jdk1.8.0_221\jre\lib\security

2.Linux系统:需要首先使用 scp 命令 将 jssecacerts 传输至服务器。

3.docker:jdk通常在这个地方

/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/

/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/ (和上面其实一样)

替换完后,重启 docker 即可。

附录: 

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *  - Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 *  - Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 *  - Neither the name of Sun Microsystems nor the names of its

 *    contributors may be used to endorse or promote products derived

 *    from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out.println("Usage: java InstallCert [:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[]{tm}, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

            System.out.println("  Issuer  " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("  sha1    " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("  md5    " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }


    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;


        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }


        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }


        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            throw new UnsupportedOperationException();

        }


        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }
    }

}

另详见:https://blog.csdn.net/chaishen10000/article/details/82992291文章来源地址https://www.toymoban.com/news/detail-573584.html

到了这里,关于解决javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 请求https报错证书校验失败(javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX

    项目中请求第三方https的URL,报错ssl证书校验失败 ssl校验失败有两种可能,一种是服务端ssl证书配置错误,一种是客户端请求的是非信任的https地址,客户端不信任该https的ssl证书。怀疑是使用了自签名证书,非各大厂提供签名证书 该问题有两种请求方案 手动下载ssl证书 (

    2024年02月03日
    浏览(67)
  • sun.security.validator.ValidatorException: PKIXpath building failed: sun.security.provider,javax.net

    报错信息: 问题描述: 在java代码中调用其他项目接口,发起的是https请求。报错信息说找不到有效证书路径。 问题解决: 信任所有SSL证书 1、新建一个SslUtil类 2、在HttpUtil工具类中修改代码 忽略HTTPS请求的SSL证书代码,必须在openConnection之前调用 解决方案参考文章https://de

    2024年02月08日
    浏览(36)
  • Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateNotYetValidException:

    生命就像人家的魔法书,涂涂改改又是一年📖 原因 解决办法 完整报错: 在执行sqoop脚本导数据的时候出现 Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateNotYetValidException: NotBefore: Tue Oct 11 17:24:18 CST 2022 报错,证书不合法,解决办法是jdbc连接MySQL时不使用ssl协议,

    2024年02月15日
    浏览(46)
  • Macos jdk ssl javax.net.ssl.SSLHandshakeException完美解决

    报了这么一个错误 javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake 网上一大把,测试不能用,谷歌了一下,发现少配置了一个环境变量。 System.setProperty(\\\"jdk.tls.useExtendedMasterSecret\\\", \\\"false\\\");//设置环境变量 /Library/Java/JavaVirtualMachines/zulu-8.jdk/Contents/Home/jre/lib/security/java.se

    2024年02月13日
    浏览(62)
  • 解决远程调用三方接口:javax.net.ssl.SSLHandshakeException报错

    最近在对接腾讯会议API接口,在鉴权完成后开始调用对方的接口,在此过程中出现调用报错:javax.net.ssl.SSLHandshakeException。 当你在进行https请求时,JDK中不存在三方服务的信任证书,导致出现错误javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败。

    2024年02月13日
    浏览(49)
  • 已解决javax.net.ssl.SSLHandshakeException: SSL握手异常的正确解决方法,亲测有效!!!

    已解决javax.net.ssl.SSLHandshakeException: SSL握手异常的正确解决方法,亲测有效!!! 目录 问题分析 场景描述 报错原因 解决思路 解决方法 总结  博主v:XiaoMing_Java 在开发涉及HTTPS通信的Java应用时, javax.net.ssl.SSLHandshakeException 是一个常见的问题,它发生在客户端与服务器尝试建

    2024年04月12日
    浏览(39)
  • 解决报错:javax.net.ssl.SSLHandshakeException: No appropriate protocol

    使用对象存储进行文件上传时报错 注:该问题只要需要用到http的都有可能出现,不是只针对对象存储 jdk 的 java.security 文件存在配置问题 1、查看当前服务器使用的 jdk 版本 命令: java -version 2、查看该jdk的安装目录 命令: find / -name java.security 这里选择通过搜索 java.security 来

    2024年01月24日
    浏览(44)
  • javax.net.ssl.SSLHandshakeException No appropriate protocol报错解决方案

    用java开发了一个简单的***发送邮件***的程序,本地运行正常,但是上传到服务器就出现报错: 方案一 [原文参考地址](javax.net.ssl.SSLHandshakeException: No appropriate protocol报错解决_蓝缘的博客-CSDN博客) ​ 1、找到jdk目录/jre/lib/security/java.security,去掉jdk.tls.disabledAlgorithm中的SSLv3、T

    2023年04月15日
    浏览(36)
  • javax.net.ssl.SSLHandshakeException

    解决办法升级jdk版本或者修改jdk文件 1、对于服务器来说要支持域名并且不进行ssl证书校验,需要升级到jdk1.8的201版本及以上 2、修改…JavaJDKjrelibsecurity目录下java.security文件,添加下面语句到文件内容中

    2024年02月11日
    浏览(41)
  • https请求报错:javax.net.ssl.SSLHandshakeException:Received fatal alert: unrecognized_name 的解决过程

    提示:本地调试正常: 项目场景: 部署到WebSphere服务器上就会报上述错误; 一度认为是WebSphere服务器上的配置有问题,经过多次偿试,最终解决问题发现和服务配置无关; 测试环境使用HttpClient发送https请求下载附件时报错: 提示:项目地址是http,需要访问的地址是https: 因为访问

    2024年02月05日
    浏览(47)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包