将证书添加到Java truststore和Sslhandshake [英] Adding certificate to Java truststore and Sslhandshake
问题描述
我使用Java程序(使用HttpUrlConnection)将http请求发送到网站并从那里下载文件。
网站是https p>
当我尝试运行我的代码时,它会出现异常:
.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到有效的请求目标的认证路径
我试图用我的浏览器(Mozilla)访问这个网站。当我检查证书,有三个证书。网站包含这些证书。
DigiCert高保证EV根CA
-DigiCert高保证CA-3
-thecompanycert(由DigiCert高级保证CA-3颁发)
我用keytool检查我的trustsroe。信任库只有根CA.
是够还是我要导入其他2证书?或只有-thecompanycert?
向Java信任库添加中间证书有什么风险?
我必须这样做吗?
任何人都可以帮助吗?
鉴于CA和中间CA已经存在于最近的Java版本的默认信任库中,因此您不需要导入它们,除非您使用的是较旧的Java版本。在任何情况下,这取决于您信任CA的程度,但Java和大多数浏览器已经信任它。
I sent http request with Java Program (using HttpUrlConnection) to web site and download files from there.
The website is "https" and use certificates.
When I try to run my code it take exception:
cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I tried to go this web site with my Browser(Mozilla).And when I check the certificates,There are three certificates.The site contain these certs.
DigiCert High Assurance EV Root CA
-DigiCert High Assurance CA-3
-thecompanycert (Issued by DigiCert High Assurance CA-3)
And I check my trustsroe with keytool. The truststore only has the Root CA. Is it enough or I have to import the other 2 certificate? Or only -thecompanycert?
What is the risks of adding intermediate certificates to the java truststore? Am I have to do this?
Can anyone help about that?
Given that that CA and intermediate CA are already present in the default truststore in recent Java version you shouldn't need to import them unless you are using an older Java version. In any case it depends on how much you trust the CA but Java and most browsers already trust it.
这篇关于将证书添加到Java truststore和Sslhandshake的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
