PKIX path building failed: sun.security.provider.certpath.SunCertP

Posted 2019-08-17 01:26

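I am making a web service call over a TLS (HTTPS) connection to Tomcat 7.x.

When calling the web service, I get the error below. What could be the problem? I have tried creating a certificate and a CA.

For reference - https://sites.google.com/site/ddmwsst/create-your-own-certificate-and-ca

I imported the CA certificate and the other certificates, but I still get this problem. Please advise.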

Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:8443/myDomain/MyService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:262)
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:205)
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:632)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:189)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:799)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
    ... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 61 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

I am creating test certificates locally, so I followed these steps.

Keys>keytool -genkey -alias TLS -keystore TLSKeyStore.jks -keyalg RSA -sigalg SHA1withRSA
Keys>keytool -export -alias TLS -file TLS.cer -keystore TLSKeyStore.jks
Keys>keytool -certreq -alias TLS -keystore TLSKeyStore.jks -file TLS.csr

CA>set RANDFILE=rand

CA>openssl req -new -keyout TLSkey.pem -out TLSreq.pem -config C:\OpenSSL-Win64\bin\openssl.cfg

CA>openssl x509 -signkey TLSkey.pem -req -days 3650 -in TLSreq.pem -out TLSroot.cer -extensions v3_ca

CA>openssl x509 -CA TLSroot.cer -CAkey TLSkey.pem -CAserial serial.txt -req -in ../Keys/TLS.csr -out ../Keys/TLSTestCA.cer -days 365

Keys>keytool -import -alias TLSCA -file ../CA/TLSroot.cer -keystore TLSKeyStore.jks
Keys>keytool -import -alias TLS -file TLSTestCA.cer -keystore TLSKeyStore.jks

Answer 1:

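I finally found a way to solve this problem.

See InstallCert.java at this link. Run the program standalone, passing localhost:9443 as the argument, and the program creates a jssecacerts file under Eclipse. Copy this jssecacerts file to your JDK_HOME\jre\lib\security\ folder. This should solve the problem.

Happy TLS setup!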



Answer 2:

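Here is an overall summary of how to import certificates to fix the following error:

Error while trying to execute request. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How to import certificates

  1. Go to the URL in your browser, click the HTTPS certificate chain (the little lock symbol next to the URL address) and export the certificate
    • Click "More info" -> "Security" -> "Show certificate" -> "Details" -> "Export..".
    • Save as .der
    • Repeat for any certificates you need to import
  2. Locate $JAVA_HOME/jre/lib/security/cacerts
  3. Import all *.der files into the cacerts file using the following:

     sudo keytool -import -alias mysitestaging -keystore $JAVA_HOME/jre/lib/security/cacerts -file staging.der
     sudo keytool -import -alias mysiteprod -keystore $JAVA_HOME/jre/lib/security/cacerts -file prod.der
     sudo keytool -import -alias mysitedev -keystore $JAVA_HOME/jre/lib/security/cacerts -file dev.der

  4. The default keystore password is "changeit"

  5. You can view the changes you made with this command, which shows the certificate fingerprints.

     keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

  6. If this doesn't solve the problem, try adding these Java options as arguments:

     -Djavax.net.ssl.trustStore="$JAVA_HOME/jre/lib/security/cacerts" -Djavax.net.ssl.trustStorePassword="changeit"

My guess is that you may have missed a step. I had the same error until I realized I was importing the wrong certificate.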
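The check below is an added example, not part of either answer: before a certificate is imported into cacerts as in step 3, it uses `openssl verify` to confirm that the candidate really is the issuer of the server certificate, which is the mistake Answer 2 closes on. The certificates, the names right-ca and wrong-ca, and the helper functions are constructed for the demonstration; OpenSSL 1.1.0 or later is assumed for -no-CApath.

```shell
#!/usr/bin/env bash
# Added example; all certificates are constructed test fixtures.
# Assumes OpenSSL >= 1.1.0 (for -no-CApath).

# Exit 0 only if leaf $2 chains to candidate CA $1. -no-CApath stops the
# system trust directory from satisfying the check with some other CA.
chains_to() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a throwaway self-signed CA named $2 in directory $1.
make_ca() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Issue a CN=localhost leaf signed by CA $2, mirroring the question's
# "openssl x509 -CA ... -req" step.
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
        -subj "/CN=localhost" -keyout "$1/leaf.key" -out "$1/leaf.csr" \
        >/dev/null 2>&1
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_ca "$demo_dir" right-ca
make_ca "$demo_dir" wrong-ca
make_leaf "$demo_dir" right-ca

for ca in right-ca wrong-ca; do
    if chains_to "$demo_dir/$ca.pem" "$demo_dir/leaf.pem"; then
        echo "$ca: issues the server certificate; this is the one to import"
    else
        echo "$ca: does not issue the server certificate; importing it changes nothing"
    fi
done
```

`openssl verify` reads PEM, so a .der export from step 1 needs converting first, for example with `openssl x509 -inform der -in staging.der -out staging.pem`.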



Source: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target