Java调用https服务报错unable to find valid certification path to requested target的解决方法
咱们网站要进行https改造,配置上购买的SSL证书后,浏览器访问正常,可是写了个java代码用httpcomponents调用https rest接口时报错:html
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetjava
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)web
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)apache
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)浏览器
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)app
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)运维
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)ide
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)oop
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)网站
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at com.duiba.activity.cmsweb.controller.DappConfigCtrl.main(DappConfigCtrl.java:1248)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
... 25 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 31 more
网上查了一堆资料,要么说要把网站证书放到某个目录下,要么要改代码,没有我想要的,由于不可能让其余开发者去作这些事情。
后来了解到证书链这回事,才知道如何解决这个问题。有关证书链能够读这里:http://blog.sina.com.cn/s/blog_53ed87c10102vn8b.html
此问题产生的缘由是由于咱们运维配置证书时只使用了签发的证书,java客户端没法找到可信任的上级证书,因此报错。解决方法也很简单,把中级证书、根证书附加到签发证书后面就能够了,具体方法参考这里:https://yq.aliyun.com/articles/26569
- 1. SunCertPathBuilderException: unable to find valid certification path to requested target
- 2. unable to find valid certification path to requested target
- 3. ERROR: Unable to find valid certification path to requested target
- 4. java链接MySQL时报错,unable to find valid certification path to requested target
- 5. IDEA maven报错unable to find valid certification path to requested target
- 6. Android Studio报错Cause: unable to find valid certification path to requested target
- 7. AndroidStudio升级3.5报错unable to find valid certification path to requested target
- 8. java 报 unable to find valid certification path to requested target
- 9. 关于ERROR: Cause: unable to find valid certification path to requested target的解决
- 10. maven unable to find valid certification path to requested target的方法
- 更多相关文章...
- • 服务器上的 XML - XML 教程
- • SVN 解决冲突 - SVN 教程
- • 常用的分布式事务解决方案
- • Spring Cloud 微服务实战(三) - 服务注册与发现
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. SunCertPathBuilderException: unable to find valid certification path to requested target
- 2. unable to find valid certification path to requested target
- 3. ERROR: Unable to find valid certification path to requested target
- 4. java链接MySQL时报错,unable to find valid certification path to requested target
- 5. IDEA maven报错unable to find valid certification path to requested target
- 6. Android Studio报错Cause: unable to find valid certification path to requested target
- 7. AndroidStudio升级3.5报错unable to find valid certification path to requested target
- 8. java 报 unable to find valid certification path to requested target
- 9. 关于ERROR: Cause: unable to find valid certification path to requested target的解决
- 10. maven unable to find valid certification path to requested target的方法