sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径 [英] sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
问题描述
我在Apache Tomcat 7上拥有一个Web应用程序,并且在我的Web应用程序上具有不受信任的证书.我的Web应用程序必须与使用https的另一个Web应用程序进行通信.但是我总是会遇到这种异常:
I am having a web application on Apache Tomcat 7 and I have untrusted certificate on my web application. My web application has to communicate with another web application that is using https. However I always get this exception:
无法建立连接:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径>
我从另一个应用程序从浏览器中下载了crt文件,并导入了tomcat服务器的jks密钥库中.
I download the crt files from the browser from another application and I imported in jks keystore of my tomcat server.
这是server.xml文件中的配置:
Here is the configuration from server.xml file:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="/opt/apache/apache-tomcat-7.0.55-test/conf/portalnew.jks" keystorePass="changeit" keyAlias="portalnew"/>
当我输入
keytool -list -v -keystore portalnew.jks
我可以看到已添加的crt文件.
I can see the crt files that I have added.
我也将crt文件添加到cacerts.jks
Also I added the crt files in cacerts.jks
推荐答案
您需要配置tomcat使其信任此证书.可以通过以下方式实现:
You need to configure your tomcat to trust this certificates. That could be achived by:
- 创建新的Java密钥库(可以通过以下名称命名:tomcat.truststore)
- 将所有必要的证书导入到tomcat.truststore
-
在tomcat连接器-server.xml文件中添加其他属性
- create new java keystore (could be named by: tomcat.truststore)
- import all necessary certificates to the tomcat.truststore
add additional attributes in tomcat connector - server.xml file
truststoreFile="conf/store/tomcat.truststore" truststorePass="TruststorePassword"
在您的CATALINA_OPTS变量中添加:
in your CATALINA_OPTS variable add:
-Djavax.net.ssl.trustStore=/opt/tomcat/conf/store/tomcat.truststore -Djavax.net.ssl.trustStorePassword=TruststorePassword
在以上命令中将密码调整为
- 重新启动tomcat
这篇关于sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!