当前位置:theitroad>javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/33868167/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-11 15:06:04  来源:igfitidea点击:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

java

提问by Gopal

i am using java application to check the url connrectivity, for the some url (internal) application url, i am getting 200 (success), for the others i am getting the below exception.

我正在使用 java 应用程序检查 url 连接性,对于某些 url(内部)应用程序 url,我得到 200(成功),对于其他人,我得到以下异常。

but if i manually connect to the below url , no issues on that, do i need pki certificates. need your help.

但是如果我手动连接到下面的 url ,没有问题,我需要 pki 证书。需要你的帮助。

URL Link response code (200), good

URL 链接响应代码 (200),好

http://pns15a-0215.corpny.com:21212/Mngr200 OK OK

http://pns15a-0215.corpny.com:21212/Mngr200 OK OK

URL link response exception

URL链接响应异常

https://tantex.intra.net/Mngr/

https://tantex.intra.net/Mngr/

Exception message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

异常消息:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效认证路径

Logs

日志

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在 sun.security.ssl.Alerts.getSSLException 处找到请求目标的有效认证路径(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker。致命SE(Handshaker.java:270) 在sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) 在sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

Program Source code

程序源代码

        log.info("testing the httpurlconnection for url:" + strUrl );

            url = new URL(strUrl);
            urlConn = (HttpURLConnection) url.openConnection();
            urlConn.connect();

            if (urlConn.getResponseCode() == HttpURLConnection.HTTP_OK )
            {
                log.info("url http connection is sucessfull");

                //append the response status
                urlResponseStatus = "OK";
            }
            else
            {
                log.info("url http connection failure, response code:" +  urlConn.getResponseCode());

                //append the response status
                urlResponseStatus = "NOT OK";
            }

            urlResponseCode = urlConn.getResponseCode();
            urlResponseMessage =  urlConn.getResponseMessage();

采纳答案by Thilak

The SSL certificate isn't trusted by Java. The certificate may be self-signed, or it may be signed by a CA (Certificate Authority) whose root certificate is not in the Java certificate store.

Java 不信任 SSL 证书。证书可以是自签名的,也可以由根证书不在 Java 证书库中的 CA(证书颁发机构)签名。

Add the code to trust the certificate provided by host. Import the certificate before consuming the URL.

添加代码以信任主机提供的证书。在使用 URL 之前导入证书。

Just add below code to trust the certificate

只需添加以下代码即可信任证书

TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    public void checkClientTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {
    }
    public void checkServerTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {
    }
}};

   try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }

// Add your code below

相关推荐

Java 如何正确解码传递给 servlet 的 unicode 参数

Java 如何正确解码传递给 servlet 的 unicode 参数

Java RecyclerView - 获取特定位置的视图

Java RecyclerView - 获取特定位置的视图

java.util.logging.Logger 不尊重 java.util.logging.Level?

java.util.logging.Logger 不尊重 java.util.logging.Level?

Java 用于阅读的 Apache POI 流 (SXSSF)

Java 用于阅读的 Apache POI 流 (SXSSF)

相关推荐
最近更新
标签