解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX 路径构建失败

这篇具有很好参考价值的文章主要介绍了解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX 路径构建失败。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

一、问题现象

之前一个项目使用Java请求客户提供的接口时,返回报错如下:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexcepti,ssl,网络协议,java,nginx,网络

二、原因

javax.net.ssl.SSLHandshakeException错误通常表示 SSL 握手失败。这意味着在建立 SSL 连接时,Java 安全管理器无法构建一个有效的证书路径,从而无法找到有效的证书路径来验证目标站点的证书,触发此错误信息的调用方环境都是JAVA开发环境

三、解决方法

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
import java.io.*;
import java.net.URL;
 
import java.security.*;
import java.security.cert.*;
 
import javax.net.ssl.*;
 
public class InstallCert {
 
    public static void main(String[] args) throws Exception {
    String host;
    int port;
    char[] passphrase;
    if ((args.length == 1) || (args.length == 2)) {
        String[] c = args[0].split(":");
        host = c[0];
        port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
        String p = (args.length == 1) ? "changeit" : args[1];
        passphrase = p.toCharArray();
    } else {
        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
        return;
    }
 
    File file = new File("jssecacerts");
    if (file.isFile() == false) {
        char SEP = File.separatorChar;
        File dir = new File(System.getProperty("java.home") + SEP
            + "lib" + SEP + "security");
        file = new File(dir, "jssecacerts");
        if (file.isFile() == false) {
        file = new File(dir, "cacerts");
        }
    }
    System.out.println("Loading KeyStore " + file + "...");
    InputStream in = new FileInputStream(file);
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(in, passphrase);
    in.close();
 
    SSLContext context = SSLContext.getInstance("TLS");
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
    SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
    context.init(null, new TrustManager[] {tm}, null);
    SSLSocketFactory factory = context.getSocketFactory();
 
    System.out.println("Opening connection to " + host + ":" + port + "...");
    SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
    socket.setSoTimeout(10000);
    try {
        System.out.println("Starting SSL handshake...");
        socket.startHandshake();
        socket.close();
        System.out.println();
        System.out.println("No errors, certificate is already trusted");
    } catch (SSLException e) {
        System.out.println();
        e.printStackTrace(System.out);
    }
 
    X509Certificate[] chain = tm.chain;
    if (chain == null) {
        System.out.println("Could not obtain server certificate chain");
        return;
    }
 
    BufferedReader reader =
        new BufferedReader(new InputStreamReader(System.in));
 
    System.out.println();
    System.out.println("Server sent " + chain.length + " certificate(s):");
    System.out.println();
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    MessageDigest md5 = MessageDigest.getInstance("MD5");
    for (int i = 0; i < chain.length; i++) {
        X509Certificate cert = chain[i];
        System.out.println
            (" " + (i + 1) + " Subject " + cert.getSubjectDN());
        System.out.println("   Issuer  " + cert.getIssuerDN());
        sha1.update(cert.getEncoded());
        System.out.println("   sha1    " + toHexString(sha1.digest()));
        md5.update(cert.getEncoded());
        System.out.println("   md5     " + toHexString(md5.digest()));
        System.out.println();
    }
 
    System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
    String line = reader.readLine().trim();
    int k;
    try {
        k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
    } catch (NumberFormatException e) {
        System.out.println("KeyStore not changed");
        return;
    }
 
    X509Certificate cert = chain[k];
    String alias = host + "-" + (k + 1);
    ks.setCertificateEntry(alias, cert);
 
    OutputStream out = new FileOutputStream("jssecacerts");
    ks.store(out, passphrase);
    out.close();
 
    System.out.println();
    System.out.println(cert);
    System.out.println();
    System.out.println
        ("Added certificate to keystore 'jssecacerts' using alias '"
        + alias + "'");
    }
 
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
 
    private static String toHexString(byte[] bytes) {
    StringBuilder sb = new StringBuilder(bytes.length * 3);
    for (int b : bytes) {
        b &= 0xff;
        sb.append(HEXDIGITS[b >> 4]);
        sb.append(HEXDIGITS[b & 15]);
        sb.append(' ');
    }
    return sb.toString();
    }
 
    private static class SavingTrustManager implements X509TrustManager {
 
    private final X509TrustManager tm;
    private X509Certificate[] chain;
 
    SavingTrustManager(X509TrustManager tm) {
        this.tm = tm;
    }
 
    public X509Certificate[] getAcceptedIssuers() {
        throw new UnsupportedOperationException();
    }
 
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw new UnsupportedOperationException();
    }
 
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        this.chain = chain;
        tm.checkServerTrusted(chain, authType);
    }
    }
 
}

把上面这段代码copy出来,什么都不要改(包括package名);再在本地新建一个跟此类名相同的.java文件,将内容粘贴进去;然后进入命令行

1、编译:

javac InstallCert.java

2、运行

java InstallCert domain.company.com.cn

(说明:java InstallCert 后面需要替换为自己对应Java请求出错的站点URL,不需要输入 https:// 信息,如:www.baidu.com)

在运行过程中,会看到以下信息:

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 13 more
Server sent 2 certificate(s):
1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7 
   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54
2 Subject CN=Certificate Shack, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6 
   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68
Enter certificate to add to trusted keystore or 'q' to quit: [1]

这个时候输入1,直接回车即可;然后会在相应的目录下生成一个名为 jssecacerts 的证书

将此证书复制到 $JAVA_HOME/jre/lib/security 目录下,最后重启项目即可访问成功。

javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexcepti,ssl,网络协议,java,nginx,网络文章来源地址https://www.toymoban.com/news/detail-761675.html

到了这里,关于解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX 路径构建失败的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 请求https报错证书校验失败(javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX

    项目中请求第三方https的URL,报错ssl证书校验失败 ssl校验失败有两种可能,一种是服务端ssl证书配置错误,一种是客户端请求的是非信任的https地址,客户端不信任该https的ssl证书。怀疑是使用了自签名证书,非各大厂提供签名证书 该问题有两种请求方案 手动下载ssl证书 (

    2024年02月03日
    浏览(67)
  • sun.security.validator.ValidatorException: PKIXpath building failed: sun.security.provider,javax.net

    报错信息: 问题描述: 在java代码中调用其他项目接口,发起的是https请求。报错信息说找不到有效证书路径。 问题解决: 信任所有SSL证书 1、新建一个SslUtil类 2、在HttpUtil工具类中修改代码 忽略HTTPS请求的SSL证书代码,必须在openConnection之前调用 解决方案参考文章https://de

    2024年02月08日
    浏览(36)
  • Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateNotYetValidException:

    生命就像人家的魔法书,涂涂改改又是一年📖 原因 解决办法 完整报错: 在执行sqoop脚本导数据的时候出现 Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateNotYetValidException: NotBefore: Tue Oct 11 17:24:18 CST 2022 报错,证书不合法,解决办法是jdbc连接MySQL时不使用ssl协议,

    2024年02月15日
    浏览(46)
  • Macos jdk ssl javax.net.ssl.SSLHandshakeException完美解决

    报了这么一个错误 javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake 网上一大把,测试不能用,谷歌了一下,发现少配置了一个环境变量。 System.setProperty(\\\"jdk.tls.useExtendedMasterSecret\\\", \\\"false\\\");//设置环境变量 /Library/Java/JavaVirtualMachines/zulu-8.jdk/Contents/Home/jre/lib/security/java.se

    2024年02月13日
    浏览(63)
  • 解决远程调用三方接口:javax.net.ssl.SSLHandshakeException报错

    最近在对接腾讯会议API接口,在鉴权完成后开始调用对方的接口,在此过程中出现调用报错:javax.net.ssl.SSLHandshakeException。 当你在进行https请求时,JDK中不存在三方服务的信任证书,导致出现错误javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败。

    2024年02月13日
    浏览(49)
  • 已解决javax.net.ssl.SSLHandshakeException: SSL握手异常的正确解决方法,亲测有效!!!

    已解决javax.net.ssl.SSLHandshakeException: SSL握手异常的正确解决方法,亲测有效!!! 目录 问题分析 场景描述 报错原因 解决思路 解决方法 总结  博主v:XiaoMing_Java 在开发涉及HTTPS通信的Java应用时, javax.net.ssl.SSLHandshakeException 是一个常见的问题,它发生在客户端与服务器尝试建

    2024年04月12日
    浏览(39)
  • 解决报错:javax.net.ssl.SSLHandshakeException: No appropriate protocol

    使用对象存储进行文件上传时报错 注:该问题只要需要用到http的都有可能出现,不是只针对对象存储 jdk 的 java.security 文件存在配置问题 1、查看当前服务器使用的 jdk 版本 命令: java -version 2、查看该jdk的安装目录 命令: find / -name java.security 这里选择通过搜索 java.security 来

    2024年01月24日
    浏览(44)
  • javax.net.ssl.SSLHandshakeException No appropriate protocol报错解决方案

    用java开发了一个简单的***发送邮件***的程序,本地运行正常,但是上传到服务器就出现报错: 方案一 [原文参考地址](javax.net.ssl.SSLHandshakeException: No appropriate protocol报错解决_蓝缘的博客-CSDN博客) ​ 1、找到jdk目录/jre/lib/security/java.security,去掉jdk.tls.disabledAlgorithm中的SSLv3、T

    2023年04月15日
    浏览(36)
  • javax.net.ssl.SSLHandshakeException

    解决办法升级jdk版本或者修改jdk文件 1、对于服务器来说要支持域名并且不进行ssl证书校验,需要升级到jdk1.8的201版本及以上 2、修改…JavaJDKjrelibsecurity目录下java.security文件,添加下面语句到文件内容中

    2024年02月11日
    浏览(42)
  • https请求报错:javax.net.ssl.SSLHandshakeException:Received fatal alert: unrecognized_name 的解决过程

    提示:本地调试正常: 项目场景: 部署到WebSphere服务器上就会报上述错误; 一度认为是WebSphere服务器上的配置有问题,经过多次偿试,最终解决问题发现和服务配置无关; 测试环境使用HttpClient发送https请求下载附件时报错: 提示:项目地址是http,需要访问的地址是https: 因为访问

    2024年02月05日
    浏览(47)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包