java com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed:

Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/12562523/

Time: 2020-10-31 09:23:01  Source: igfitidea

Tags: java, openssl, keystore, openam

Asked by pbhle

I did the following steps, but it's throwing an exception:

1. I have installed OpenAM 10.0.0 on Windows Server 2003.

2. Configured Tomcat with SSL on the same Windows server machine.

3. It is configured correctly and the OpenAM URL is accessible with https.

4. Installed the OpenAM client SDK on another machine, which is an Ubuntu machine, and from that Ubuntu machine I am trying to log in to the OpenAM server using

        AuthContext lc = new AuthContext("/","https://server.ensarm.com:8443/openam/namingservice");
        AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
        lc.login(indexType, "DataStore");
        return lc;

But I am getting the following exception:

    ERROR: Naming service connection failed for https://server.ensarm.com:8443/openam/namingservice
    com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I didn't understand what could be the problem. Is it because my Java keystore (needed for the SSL configuration) is on the Windows server machine and I have no keystore on the Ubuntu machine,

OR

do I need to import the keystore into the Ubuntu machine? Please can anyone help me get out of this.

Answered by Vamsi Mohan Jayanti

“javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:” It means the server does not have a valid certificate from an Authorized CA.

You are facing this exception because you are trying to connect through SSL (https). You would need to import the server certificate into the JRE KeyStore.

Perform the following steps to resolve it:

Getting the certificate: Type the URL (e.g. https://server.ensarm.com:8443/openam/namingservice) in your browser.

  1. You will now probably see a dialog box warning you about the certificate. Now click on 'View Certificate' and install the certificate. Ignore any warning messages.
  2. The next step would be to export the certificate and install it in the JRE keystore. Use the keytool certificate management utility to perform this: http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html .
  3. Exporting the certificate: Go to Tools->'Internet Options'->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities'. Select the right one and click on 'export'. You can now save it (DER encoded binary) as e.g. mycert.cer.
  4. Go to JRE\BIN and use the keytool -import command to import the file into your cacerts keystore. E.g. keytool -import -alias MYCA -keystore ..\lib\security\cacerts -file c:\mycert.cer. Enter keystore password: (by default it will be “changeit”). Input “yes” to the prompts.
  5. Run the command keytool -list -keystore ..\lib\security\cacerts . You will now see a list of all the certificates including the one you just added.
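
The same import done from a shell on the Ubuntu client, as an added example that is not part of the original answer: it fetches the certificate with openssl, compares its SHA-256 fingerprint with one obtained out of band, and only then imports it into a separate truststore with keytool. The host and port are from the question; the function names, the truststore path and EXPECTED_FP are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Host/port come from the question;
# function names, truststore path and EXPECTED_FP are assumptions.

# Normalise a fingerprint: drop any "name=" prefix, colons and spaces; upper-case.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same 64 hex digits (a SHA-256 digest).
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|"") return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Write the leaf certificate presented by HOST:PORT to OUTFILE as PEM.
fetch_cert() {  # usage: fetch_cert HOST PORT OUTFILE
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# Import the certificate only when its fingerprint matches the expected one.
import_if_trusted() {  # usage: import_if_trusted HOST PORT EXPECTED_FP TRUSTSTORE
    pem=$(mktemp) || return 1
    fetch_cert "$1" "$2" "$pem" || { rm -f "$pem"; return 1; }
    actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256)
    if fp_matches "$3" "$actual"; then
        # keytool asks for the truststore password and creates the file if missing.
        keytool -importcert -noprompt -alias "$1" -file "$pem" -keystore "$4"
        rc=$?
    else
        echo "fingerprint mismatch for $1:$2, not importing" >&2
        rc=1
    fi
    rm -f "$pem"
    return "$rc"
}

# Example call (EXPECTED_FP is a placeholder supplied by the server administrator):
# import_if_trusted server.ensarm.com 8443 "$EXPECTED_FP" "$HOME/openam-truststore"
```

The resulting file can be passed to the client JVM with the standard JSSE property -Djavax.net.ssl.trustStore, which leaves the JRE-wide cacerts file untouched.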