PKIX路径建设失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到有效的认证路径请求的目标 [英] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
问题描述
我在做Web服务调用直通到Tomcat 7.x的TLS连接(HTTPS)
I am making Webservice call thru TLS connection(https) in Tomcat 7.x
虽然调用WebService的,我得到下面的错误。会是什么问题?我曾尝试创建证书和CA。
While calling the WebService, I am getting following Error. What would be the issue? I have tried creating Certificates and CA.
仅供参考 - https://sites.google。 COM /网站/ ddmwsst /创建-你自己的证书和CA
我导入CA证书等证书,仍然我得到这个问题。请指点。
I imported CA certificate and other certificates and still I am getting this issue. Please advice.
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:8443/myDomain/MyService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:262)
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:205)
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:632)
at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:189)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:799)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 61 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
我对本地创建测试证书。于是我跟着这些步骤。
I am testing Certificates by creating locally. So I followed these steps.
键>的keytool -genkey -alias -keystore TLS TLSKeyStore.jks -keyalg RSA -sigalg SHA1withRSA
按键>的keytool -export -alias -file TLS -keystore TLS.cer TLSKeyStore.jks
按键>的keytool -certreq -alias -keystore TLS -file TLSKeyStore.jks TLS.csr
Keys>keytool -genkey -alias TLS -keystore TLSKeyStore.jks -keyalg RSA -sigalg SHA1withRSA Keys>keytool -export -alias TLS -file TLS.cer -keystore TLSKeyStore.jks Keys>keytool -certreq -alias TLS -keystore TLSKeyStore.jks -file TLS.csr
CA>设置RANDFILE =兰特
CA>set RANDFILE=rand
CA> OpenSSL的REQ -new -keyout TLSkey.pem退房手续TLSreq.pem -config C:\\ OpenSSL的 - Win64的\\斌\\ openssl.cfg
CA>openssl req -new -keyout TLSkey.pem -out TLSreq.pem -config C:\OpenSSL-Win64\bin\openssl.cfg
CA> OpenSSL的X509 -signkey TLSkey.pem -req -days 3650 -in TLSreq.pem退房手续TLSroot.cer -Extensions v3_ca
CA>openssl x509 -signkey TLSkey.pem -req -days 3650 -in TLSreq.pem -out TLSroot.cer -extensions v3_ca
CA> OpenSSL的X509 -CA TLSroot.cer -CAkey TLSkey.pem -CAserial serial.txt -req -in ../Keys/TLS.csr退房手续../Keys/TLSTestCA.cer -days 365
CA>openssl x509 -CA TLSroot.cer -CAkey TLSkey.pem -CAserial serial.txt -req -in ../Keys/TLS.csr -out ../Keys/TLSTestCA.cer -days 365
键>的keytool -import -alias -file TLSCA -keystore ../CA/TLSroot.cer TLSKeyStore.jks
按键>的keytool -import -alias -file TLS -keystore TLSTestCA.cer TLSKeyStore.jks
Keys>keytool -import -alias TLSCA -file ../CA/TLSroot.cer -keystore TLSKeyStore.jks Keys>keytool -import -alias TLS -file TLSTestCA.cer -keystore TLSKeyStore.jks
推荐答案
最后我得到了解决这个问题的方式。
Finally I got the way to solve this issue.
在这个链接请参阅此 InstallCert.java 。 9443 并计划创建的 jssecacerts 下的月食文件:通过传递参数作为本地主机运行该程序作为独立。
复制此 jssecacerts 文件到您的JDK_HOME \\ JRE \\ lib \\ security中\\文件夹中。这应该解决这一问题。
Refer this InstallCert.java in this link. Run this program as Standalone by passing arguments as localhost:9443 and Program creates jssecacerts file under eclipse. Copy this jssecacerts file into your JDK_HOME\jre\lib\security\ folder. That should solve the issue
快乐TLS设置!
这篇关于PKIX路径建设失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到有效的认证路径请求的目标的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
