how to solve this error “java.security.cert.Certif

2019-08-10 13:10发布

问题:

This question already has an answer here:

  • Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error? 16 answers

I am currently working on Mobile first version 8. While creating a java adapter to call a api through the following code I m receiving error "java.security.cert.CertificateException: PKIX path building failed mobile first java adapter error"

@GET
@Path("/unprotected")
@Produces(MediaType.TEXT_PLAIN)
@OAuthSecurity(enabled = false)
   public String unprotected() {
StringBuffer content = new StringBuffer();
try {
URL url = new URL("Some Url");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
   con.setRequestMethod("GET");
  BufferedReader in =new BufferedReader(new inputStreamReader(con.getInputStream()));
String inputLine;

while ((inputLine = in.readLine()) != null)
     content.append(inputLine);

logger.info("MYFind Data" + content.toString());
in.close();

con.disconnect();
} catch (Exception e) {
    logger.info("" + e.getMessage());
}
return content.toString();
}

error found in the logfile from "C:\Users\Admin\MobileFirst-8.0.0.0\mfp-server\usr\servers\mfp\logs\messages.log"

E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.openweathermap.org, OU=EssentialSSL Wildcard, OU=Domain Control Validated was sent from the target host. The signer might need to be added to local trust store C:/Users/Admin/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

00000619 com.wether.JavaAdapterMainResource I java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

回答1:

The error message very clearly articulates the problem:

SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.openweathermap.org, OU=EssentialSSL Wildcard, OU=Domain Control Validated was sent from the target host. The signer might need to be added to local trust store C:/Users/Admin/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/key.jks

The certificate from the endpoint is signed by 'COMODO'. Verify if your Java cacerts and/or keystore configured in your Liberty server has the root CA. If not, add it.



回答2:

Yes i finally got the answer as uh said "SSL handshake is failing from a missing signer in your server". I just registered the my api url certificate to my mobile-first server.To do so with the software to import the certificate on server.

The url for software :- https://keystore-explorer.org/downloads.html

the path of file where to import certificate:-

C:\Users\Admin\MobileFirst-8.0.0.0\mfp-server\usr\servers\mfp\resources\security

Password:-"mobilefirst"

and just drag and drop the certificate of you api url

final setp to restart server