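Missing security certificate when calling an HTTPS endpoint: unable to find valid certification path to requested target

Background

Question: unable to find valid certification path to requested target

Reason: the security certificate is missing; the JVM's trust store contains no certificate through which the server's certificate chain can be validated.

Solution

Install the digital certificate, or generate one.

One way to obtain the security certificate is with the following program: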

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
 
public class InstallCert {

    // The HTTPS service we want to access, e.g. https://www.twitter.com

    public static final String hostName = "www.twitter.com";
 
	public static void main(String[] args) throws Exception {

        // args = new String[]{hostName};

		String host;
		int port;
		char[] passphrase;
		if ((args.length == 1) || (args.length == 2)) {
			String[] c = args[0].split(":");
			host = c[0];
			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
			String p = (args.length == 1) ? "changeit" : args[1];
			passphrase = p.toCharArray();
		} else {
			System.out
					.println("Usage: java InstallCert <host>[:port] [passphrase]");
			return;
		}
 
		File file = new File("jssecacerts");
		if (file.isFile() == false) {
			char SEP = File.separatorChar;
			File dir = new File(System.getProperty("java.home") + SEP + "lib"
					+ SEP + "security");
			file = new File(dir, "jssecacerts");
			if (file.isFile() == false) {
				file = new File(dir, "cacerts");
			}
		}
		System.out.println("Loading KeyStore " + file + "...");
		InputStream in = new FileInputStream(file);
		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
		ks.load(in, passphrase);
		in.close();
 
		SSLContext context = SSLContext.getInstance("TLS");
		TrustManagerFactory tmf = TrustManagerFactory
				.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);
		X509TrustManager defaultTrustManager = (X509TrustManager) tmf
				.getTrustManagers()[0];
		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
		context.init(null, new TrustManager[] { tm }, null);
		SSLSocketFactory factory = context.getSocketFactory();
 
		System.out
				.println("Opening connection to " + host + ":" + port + "...");
		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
		socket.setSoTimeout(10000);
		try {
			System.out.println("Starting SSL handshake...");
			socket.startHandshake();
			socket.close();
			System.out.println();
			System.out.println("No errors, certificate is already trusted");
		} catch (SSLException e) {
			System.out.println();
			e.printStackTrace(System.out);
		}
 
		X509Certificate[] chain = tm.chain;
		if (chain == null) {
			System.out.println("Could not obtain server certificate chain");
			return;
		}
 
		BufferedReader reader = new BufferedReader(new InputStreamReader(
				System.in));
 
		System.out.println();
		System.out.println("Server sent " + chain.length + " certificate(s):");
		System.out.println();
		MessageDigest sha1 = MessageDigest.getInstance("SHA1");
		MessageDigest md5 = MessageDigest.getInstance("MD5");
		for (int i = 0; i < chain.length; i++) {
			X509Certificate cert = chain[i];
			System.out.println(" " + (i + 1) + " Subject "
					+ cert.getSubjectDN());
			System.out.println("   Issuer  " + cert.getIssuerDN());
			sha1.update(cert.getEncoded());
			System.out.println("   sha1    " + toHexString(sha1.digest()));
			md5.update(cert.getEncoded());
			System.out.println("   md5     " + toHexString(md5.digest()));
			System.out.println();
		}
 
		System.out
				.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
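		String line = reader.readLine();
		// End of input is treated like 'q'
		line = (line == null) ? "q" : line.trim();
		int k;
		try {
			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
		} catch (NumberFormatException e) {
			System.out.println("KeyStore not changed");
			return;
		}
		// Reject numbers outside the list printed above
		if (k < 0 || k >= chain.length) {
			System.out.println("KeyStore not changed");
			return;
		}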
 
		X509Certificate cert = chain[k];
		String alias = host + "-" + (k + 1);
		ks.setCertificateEntry(alias, cert);
 
		OutputStream out = new FileOutputStream("jssecacerts");
		ks.store(out, passphrase);
		out.close();
 
		System.out.println();
		System.out.println(cert);
		System.out.println();
		System.out
				.println("Added certificate to keystore 'jssecacerts' using alias '"
						+ alias + "'");
	}
 
	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
 
	private static String toHexString(byte[] bytes) {
		StringBuilder sb = new StringBuilder(bytes.length * 3);
		for (int b : bytes) {
			b &= 0xff;
			sb.append(HEXDIGITS[b >> 4]);
			sb.append(HEXDIGITS[b & 15]);
			sb.append(' ');
		}
		return sb.toString();
	}
 
	private static class SavingTrustManager implements X509TrustManager {
 
		private final X509TrustManager tm;
		private X509Certificate[] chain;
 
		SavingTrustManager(X509TrustManager tm) {
			this.tm = tm;
		}
 
		public X509Certificate[] getAcceptedIssuers() {
			throw new UnsupportedOperationException();
		}
 
		public void checkClientTrusted(X509Certificate[] chain, String authType)
				throws CertificateException {
			throw new UnsupportedOperationException();
		}
 
		public void checkServerTrusted(X509Certificate[] chain, String authType)
				throws CertificateException {
			this.chain = chain;
			tm.checkServerTrusted(chain, authType);
		}
	}
 
}

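Running

1. Run the main method from IDEA with program arguments.

2. Open cmd in the directory containing the file, compile with javac InstallCert.java, then run: java InstallCert hostname

If this fails with the error "找不到或无法加载主类 InstallCert" (could not find or load main class InstallCert), try one of the following:

(1) Remove the package declaration from the Java class, then run the command again.

(2) From the current directory run java -cp ../ src.InstallCert hostname, or use an absolute path: java -cp D:/.../test src.InstallCert hostname

(3) If InstallCert.java is located in the local directory E:\Idea\src\main\java\com\demo:

After javac has run successfully in that directory, switch to E:\Idea\src\main\java and run:

java com.demo.InstallCert hostname

A successful run prints output like the following: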

java InstallCert www.twitter.com
Loading KeyStore /usr/java/jdk1.6.0_16/jre/lib/security/cacerts...
Opening connection to www.twitter.com:443...
Starting SSL handshake...
 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
	at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
	at sun.security.validator.Validator.validate(Validator.java:203)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
	at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
	... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
	... 13 more
 
Server sent 2 certificate(s):
 
 1 Subject CN=www.twitter.com, O=example.com, C=US
   Issuer  CN=Certificate Shack, O=example.com, C=US
   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7 
   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54 
 
 2 Subject CN=Certificate Shack, O=example.com, C=US
   Issuer  CN=Certificate Shack, O=example.com, C=US
   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6 
   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68 
 
Enter certificate to add to trusted keystore or 'q' to quit: [1]

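Enter 1 and press Enter. The program then prints the message "Added certificate to keystore 'jssecacerts' using alias ...", which indicates that the certificate was added successfully. The program adds whichever certificate the connection presented, so compare the printed sha1 fingerprint with one obtained from the service's operator over a separate channel before confirming.

A file named "jssecacerts" is then created in the top-level directory of the current project (the program's working directory).

Copy the generated jssecacerts file to the %JAVA_HOME%\jre\lib\security\ directory.

Alternatively, set the trust store path in code: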

System.setProperty("javax.net.ssl.trustStore", "<path to your jssecacerts file>");

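Note

Do not copy a jssecacerts file generated on your own computer to the server; a copied file will not take effect there and the error will still be reported.

InstallCert.java must be compiled on the server itself to generate the jssecacerts file.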
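When the error persists on a machine, it helps to confirm which trust store file that JVM actually loads and whether the imported entry is in it. The following added example (not from the original post) follows the default JSSE lookup order and lists the entries whose alias starts with a given prefix, with SHA-256 fingerprints; the class name TrustStoreCheck and its arguments are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Locale;

public class TrustStoreCheck {
    // Default JSSE lookup order: the javax.net.ssl.trustStore property,
    // then <java.home>/lib/security/jssecacerts, then cacerts.
    static File resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    static String sha256Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: alias prefix, e.g. the host given to InstallCert (empty lists all entries)
        // args[1]: store passphrase; "changeit" is the default InstallCert also assumes
        String prefix = (args.length > 0 ? args[0] : "").toLowerCase(Locale.ROOT);
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        File file = resolveTrustStore();
        System.out.println("Trust store in use: " + file.getAbsolutePath());
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass);
        }
        int hits = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias) && alias.toLowerCase(Locale.ROOT).startsWith(prefix)) {
                System.out.println(alias + "  sha256=" + sha256Hex(ks.getCertificate(alias).getEncoded()));
                hits++;
            }
        }
        System.out.println(hits + " matching trusted certificate entries");
    }
}
```

Run it with the same JVM and the same -D options as the failing application, for example java TrustStoreCheck www.twitter.com; InstallCert stores its entry under the alias host-N.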
