得到错误:PKIX路径构建失败:无法找到到请求目标的有效证书路径 [英] Getting error: PKIX path building failed: unable to find valid certification path to requested target

问题描述

我正在尝试通过Web服务将xml发送到另一个系统.但是，在尝试发送时，出现以下错误.我已经安装了他们给我的证书.但仍然无法正常工作.

I'm trying to send a xml to another system via web service. But while trying to send i'm getting the following error. I've installed the certificate they gave to me. but still its not working.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

推荐答案

此错误可能有两个来源:

There are two possible sources for this error:

• 另一方使用的是真正不受信任的证书(自签名或由不受信任的CA签名)，
• 或另一侧没有发送证书验证链(例如，在通往受信任CA的过程中存在中间签名证书，但是SSL握手中没有此证书).

第一种情况的解决方案是将不受信任的CA(或证书本身)添加到您的JRE信任库(${java.home}/lib/security/cacerts)或更高版本中-创建您自己的信任库(在升级Java时不会删除)并将其提供给您的应用程序通过 javax.net.ssl.trustStore JVM属性.

Solution for the first case is to add the untrusted CA (or the ceriticate itself) to your JRE truststore (${java.home}/lib/security/cacerts) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStore JVM property.

第二种情况下的解决方案是采用第一种情况下的解决方案，或者更好-劝说另一方发送正确的证书链.

Solution for the second case is either to go with the first case solution or better - convince the opposite side to send correct certificate chain.

这篇关于得到错误:PKIX路径构建失败:无法找到到请求目标的有效证书路径的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！