tomcat PKIX路径构建失败:安全性提供者证书路径生成器异常:找不到请求目标的有效证书路径[重复]

pod7payv  于 2022-11-13  发布在  其他
关注(0)|答案(3)|浏览(254)

此问题在此处已有答案

Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?(32个答案)
5个月前关闭。
我正在Tomcat 7.x中通过TLS连接(https)进行Web服务调用
调用Web服务时,我收到以下错误。问题是什么?我已尝试创建证书和CA。
仅供参考-https://sites.google.com/site/ddmwsst/create-your-own-certificate-and-ca
我导入了CA证书和其他证书,但我仍然得到这个问题。请咨询。

Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:8443/myDomain/MyService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:262)
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:205)
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:632)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:189)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:799)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
    ... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 61 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

我正在通过本地创建来测试证书。因此,我执行了以下步骤。
密钥〉keytool -genkey -别名TLS -密钥库TLSKeyStore.jks -密钥算法RSA -使用RSA签名SHA1密钥〉keytool -导出-别名TLS -文件TLS.cer -密钥库TLSKeyStore.jks密钥〉keytool -certreq -别名TLS -密钥库TLSKeyStore.jks -文件TLS.csr
CA〉设置RANDFILE=随机数
如果您想访问OpenSSL,请点击这里。如果您想访问OpenSSL,请点击这里。
CA〉openssl x509 -签名密钥TLSkey.pem -请求-天数3650 -输入TLSreq.pem -输出TLSroot.cer -扩展v3_ca
如果您有任何问题,请联系我们。如果您有任何问题,请联系我们。
密钥〉密钥工具-导入-别名TLSCA -文件../CA/TLSrot.cer -密钥库TLSKeyStore.jks密钥〉密钥工具-导入-别名TLS -文件TLSTestCA.cer -密钥库TLSKeyStore.jks

rm5edbpk

rm5edbpk1#

最后我找到了解决这个问题的方法。
在InstallCert.java此链接中引用此www.example.com。通过将参数传递为localhost:9443,将此程序作为独立程序运行,程序将在eclipse下创建jssecacerts文件。将此jssecacerts文件复制到JDK_HOME\jre\lib\security\文件夹中。这样应该可以解决问题
TLS设置愉快!!!

dgjrabp2

dgjrabp22#

以下是如何导入证书以修复以下错误的全面摘要:

尝试执行请求时出错。javax .NET.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:安全性提供者证书路径生成器异常:找不到所请求目标的有效证书路径

如何导入证书

  • 转到浏览器中的URL,单击HTTPS证书链(URL地址旁边的小锁符号)以导出证书
  • 点击“更多信息”〉“安全”〉“显示证书”〉“详细信息”〉“导出"。
  • 保存为**.der**
  • 对需要导入的所有证书重复上述步骤
  • 查找**$JAVA_HOME/jre/库/安全性/cacerts**
    *使用以下命令将所有 *.der文件导入cacerts文件:
sudo keytool -import -alias mysitestaging -keystore $JAVA_HOME/jre/lib/security/cacerts -file staging.der
sudo keytool -import -alias mysiteprod -keystore  $JAVA_HOME/jre/lib/security/cacerts -file prod.der
sudo keytool -import -alias mysitedev -keystore  $JAVA_HOME/jre/lib/security/cacerts -file dev.der
  • 默认密钥库密码为“changeit”
  • 您可以查看使用此命令所做的更改,该命令显示证书指纹。
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
  • 如果这不能解决问题,请尝试添加以下java选项作为参数:
-Djavax.net.ssl.trustStore="$JAVA_HOME/jre/lib/security/cacerts"
-Djavax.net.ssl.trustStorePassword="changeit"

我猜你可能错过了一个步骤。我也遇到了同样的错误,直到我意识到我导入了错误的证书

tkclm6bt

tkclm6bt3#

请确保在下载ssl证书时禁用了防病毒软件。禁用防病毒软件后,请下载ssl证书。

相关问题