javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败 [英] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
问题描述
我正在使用java应用程序检查url connrectivity,对于某些url(内部)应用程序url,我得到200(成功),对于其他人我得到以下异常。
i am using java application to check the url connrectivity, for the some url (internal) application url, i am getting 200 (success), for the others i am getting the below exception.
但如果我手动连接到以下网址,没有问题,我需要pki证书。
需要你的帮助。
but if i manually connect to the below url , no issues on that, do i need pki certificates. need your help.
http://pns15a-0215.corpny.com:21212/Mngr 200 OK OK
http://pns15a-0215.corpny.com:21212/Mngr 200 OK OK
https://tantex.intra.net/Mngr/
异常消息:
sun.security.validator.ValidatorException: PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
Exception message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security中找到所请求目标的有效证书路径。 ssl.Alerts.getSSLException(Alerts.java:192)at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java) :1884)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker。 java:1341)at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
log.info("testing the httpurlconnection for url:" + strUrl );
url = new URL(strUrl);
urlConn = (HttpURLConnection) url.openConnection();
urlConn.connect();
if (urlConn.getResponseCode() == HttpURLConnection.HTTP_OK )
{
log.info("url http connection is sucessfull");
//append the response status
urlResponseStatus = "OK";
}
else
{
log.info("url http connection failure, response code:" + urlConn.getResponseCode());
//append the response status
urlResponseStatus = "NOT OK";
}
urlResponseCode = urlConn.getResponseCode();
urlResponseMessage = urlConn.getResponseMessage();
推荐答案
Java不信任SSL证书。证书可以是自签名的,也可以由其根证书不在Java证书库中的CA(证书颁发机构)签名。
The SSL certificate isn't trusted by Java. The certificate may be self-signed, or it may be signed by a CA (Certificate Authority) whose root certificate is not in the Java certificate store.
添加代码以信任主机提供的证书。在使用URL之前导入证书。
Add the code to trust the certificate provided by host. Import the certificate before consuming the URL.
只需添加以下代码即可信任证书
Just add below code to trust the certificate
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
// Add your code below
这篇关于javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
