看到SSLFactory使用的密钥库了吗?异常:"sun .... certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径" [英] See keystore used by SSLFactory? Exception: "sun....certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

问题描述

Authorize.net更新了他们的生产证书，现在我们的SSL代码正在生成以下异常:

Authorize.net updated their production certificates, and now our SSL code is generating the following exception:

Exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

根据

According to this blog post from Authorize.net, we need to install new root certs on our server. We did this, but the exception persists. So now the suspicion is that new certs weren't installed to the right keystore. How do we see which keystore is being used by the code?

这是下面的代码:

SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(addr,443);

是的，我们应该改用Stripe，但是这个网站是在Stripe出现之前很久才建立的.:(

And yes, we should use Stripe instead, but this site was built long before Stripe came around. :(

推荐答案

解决方案是将该证书添加到java cacerts文件中，以便使其永久被接受.

Solution is to add that certificate to java cacerts file so that it got permanently accepted.

第1步:获取 https://www.wikipedia.org 的根证书(或您提供的任何网址)要访问)

Step 1 : Get root certificate of https://www.wikipedia.org (or any url you want to access)

1. 在Chrome浏览器中打开 https://www.wikipedia.org .
2. 在地址栏旁边找到锁定"符号，然后单击它.
3. 查看详细信息
4. 单击层次结构上最上面的证书，并确认它带有根CA短语.
5. 拖放您在桌面上看到的书面证书的图像.

就是这样！您已经获得了根证书！

Thats it! you got your root certificate!

第2步:将该证书添加到java cacerts文件中.

Step 2 : Get that certificate added to java cacerts file.

1. 在jre bin文件夹中使用keytool.exe.
2. 执行以下命令以将证书放入cacerts文件中

keytool –导入–noprompt –trustcacerts –alias ALIASNAME-文件/PATH/TO/您的/DESKTOP/CertificateName.cer -keystore/PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit

keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit

就是这样！您的问题得到解决.

That is it! you got your problem resolved.

请注意

1. 请确认正在执行步骤2的jre发生了此PKIX错误(KAFKA使用的JRE).如果尝试其他jre问题，则保持原样.

1. Do confirm that the jre which is giving you this PKIX error(JRE used by KAFKA) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.

请仅在JDK内部使用一个jre，这样可以减少出现问题的机会.

Do use only one jre which is inside JDK it decreases chance to have issues.

这篇关于看到SSLFactory使用的密钥库了吗?异常:"sun .... certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！