com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed:

Problem description

I did the following steps, but it's throwing an exception:

1. I have installed OpenAM 10.0.0 on Windows Server 2003.

2. Configured Tomcat with SSL on the same Windows Server machine.

3. It is configured correctly and the OpenAM URL is accessible with HTTPS.

4. Installed the OpenAM client SDK on another machine, which is an Ubuntu machine, and from that Ubuntu machine I am trying to log in to the OpenAM server using

        AuthContext lc = new AuthContext("/","https://server.ensarm.com:8443/openam/namingservice");
        AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
        lc.login(indexType, "DataStore");
        return lc;

But I am getting the following exception:

ERROR: Naming service connection failed for https://server.ensarm.com:8443/openam/namingservice
com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I didn't understand what could be the problem. Is it because my Java keystore (needed for the SSL configuration) is on the Windows Server machine and I have no keystore on the Ubuntu machine,

OR

do I need to import the keystore into the Ubuntu machine? Can anyone please help me get out of this?

Recommended answer

"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:" It means the server does not have a valid certificate from an authorized CA.

You are facing this exception because you are trying to connect through SSL (HTTPS). You would need to import the server certificate into the JRE keystore.

Perform the following steps to resolve it:

Getting the certificate: Type the URL (e.g. https://server.ensarm.com:8443/openam/namingservice) in your browser.

  1. You will now probably see a dialog box warning you about the certificate. Now click on 'View Certificate' and install the certificate. Ignore any warning messages.
  2. The next step would be to export the certificate and install it in the JRE keystore. Use the keytool certificate management utility to perform this: http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html.
  3. Exporting the certificate: Go to Tools -> 'Internet Options' -> Content -> Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities'. Select the right one and click on 'Export'. You can now save it (DER encoded binary) as e.g. mycert.cer.
  4. Go to JRE\BIN and use the keytool -import command to import the file into your cacerts keystore. E.g. keytool -import -alias MYCA -keystore ..\lib\security\cacerts -file c:\mycert.cer. Enter the keystore password (by default it will be "changeit"). Input "yes" at the prompts.
  5. Run the command keytool -list -keystore ..\lib\security\cacerts. You will now see a list of all the certificates, including the one you just added.
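
The import step from the answer above, written for the Ubuntu client as an added example (not part of the original answer): it imports the exported certificate only when its SHA-256 fingerprint matches a value obtained from the server administrator over a separate channel. The function names, the source of the expected fingerprint and the truststore path are assumptions; openssl and keytool must be on the PATH.

```bash
#!/usr/bin/env bash
# Added example: import an exported server certificate into a Java truststore
# only when its SHA-256 fingerprint matches a value obtained out of band.

# Print the SHA-256 fingerprint of a PEM or DER certificate as bare uppercase hex.
cert_sha256() {
    local cert="$1" fp
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null) ||
        fp=$(openssl x509 -inform DER -in "$cert" -noout -fingerprint -sha256 2>/dev/null) ||
        return 1
    # openssl prints "<digest> Fingerprint=AA:BB:..."; keep only the hex digits.
    printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'a-f' 'A-F'
}

# Normalise a fingerprint supplied by a person: drop colons and spaces, uppercase.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Import CERT under NAME into STORE only if its fingerprint equals EXPECTED.
# Returns 0 on import, 2 on fingerprint mismatch, 1 on any other error.
import_pinned_cert() {
    local cert="$1" expected="$2" name="$3" store="$4" pass="${5:-changeit}" actual
    actual=$(cert_sha256 "$cert") || { echo "cannot read certificate: $cert" >&2; return 1; }
    if [ "$actual" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch, not importing (got $actual)" >&2
        return 2
    fi
    keytool -importcert -noprompt -alias "$name" -file "$cert" \
        -keystore "$store" -storepass "$pass" || return 1
    # Confirm the entry is present, like the answer's final keytool -list step.
    keytool -list -alias "$name" -keystore "$store" -storepass "$pass" >/dev/null
}

# Usage (all four values are placeholders supplied by the operator):
#   ./import_pinned_cert.sh mycert.cer "<SHA-256 fingerprint>" MYCA /path/to/truststore
if [ "$#" -ge 4 ]; then
    import_pinned_cert "$@"
fi
```

The JVM running the OpenAM client must read the truststore passed as the fourth argument, either the JRE's cacerts file as in the answer or a separate file named with -Djavax.net.ssl.trustStore.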