[问题记录]-PKIX-path-building-failed问题

Java开发者之家

修改于 2021-09-01 10:55:00

1.4K0

修改于 2021-09-01 10:55:00

文章被收录于专栏：Java开发者之家Java开发者之家

# 『问题记录』PKIX path building failed问题

# 问题原因

Springboot请求外部https接口，由于ssl证书信任问题会导致PKIX path building failed问题。具体体现在请求小程序接口时，出现以上错误。

# 错误信息

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

# 解决方法

URL realUrl = null;
try {
    realUrl = new URL(url);
    if("https".equalsIgnoreCase(realUrl.getProtocol())){
        SslUtils.ignoreSsl();
    }
} catch (Exception e) {
    logger.error(e.toString());
}
ResponseEntity<String> response = restTemplate.getForEntity(String.valueOf(realUrl), String.class);

# SslUntils库

import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class SslUtils {

    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[1];
        TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    static class miTM implements TrustManager,X509TrustManager {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }

        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
    }

    /**
     * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用
     * @throws Exception
     */
    public static void ignoreSsl() throws Exception{
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }
}

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2020-05-08 ，如有侵权请联系 cloudcommunity@tencent.com 删除

java

本文分享自作者个人站点/博客前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与腾讯云自媒体同步曝光计划，欢迎热爱写作的你一起参与！

java

登录后参与评论

0 条评论

热度

[问题记录]-PKIX-path-building-failed问题

[问题记录]-PKIX-path-building-failed问题

# 『问题记录』PKIX path building failed问题

# 问题原因

# 错误信息

# 解决方法

# SslUntils库

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐