无法找到请求目标的有效证书路径 - 即使在导入证书后也会出错 [英] Unable to find valid certification path to requested target - error even after cert imported

查看:48
本文介绍了无法找到请求目标的有效证书路径 - 即使在导入证书后也会出错的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 Java 客户端尝试使用自签名证书访问服务器.

I have a Java client trying to access a server with a self-signed certificate.

当我尝试发布到服务器时,出现以下错误:

When I try to Post to the server, I get the following error:

无法找到到请求目标的有效认证路径

unable to find valid certification path to requested target

在对这个问题做了一些研究之后,我做了以下事情.

Having done some research on the issue, I then did the following.

  1. 将我的服务器域名保存为 root.cer 文件.
  2. 在我的 Glassfish 服务器的 JRE 中,我运行了这个:
    keytool -import -alias 示例 -keystore cacerts -file root.cer
  3. 为了检查证书是否成功添加到我的 cacert,我这样做了:
    keytool -list -v -keystore cacerts
    我可以看到证书存在.
  4. 然后我重新启动了 Glassfish 并取消了帖子".

我仍然遇到同样的错误.

I am still getting thesame error.

我有一种感觉,这是因为我的 Glassfish 实际上并没有读取我修改过的 cacert 文件,而可能是其他一些文件.

I have a feeling this is because my Glassfish is not actually reading the cacert file that I have amended but maybe some other one.

你们中有没有人遇到过这个问题并且可以将我推向正确的方向?

Have any of you had this issue and can push me in the right direction?

推荐答案

不幸的是 - 它可能有很多东西 - 许多应用服务器和其他 Java 'wrappers' 很容易玩弄属性和他们'自己'的钥匙串什么不是.所以它可能正在寻找完全不同的东西.

Unfortunately - it could be many things - and lots of app servers and other java 'wrappers' are prone to play with properties and their 'own' take on keychains and what not. So it may be looking at something totally different.

缺乏桁架 - 我会尝试:

Short of truss-ing - I'd try:

java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=trustStore ...

看看是否有帮助.除了全部",还可以将其设置为ssl"、密钥管理器和信任管理器——这可能对您的情况有所帮助.将其设置为帮助"将在大多数平台上列出如下内容.

to see if that helps. Instead of 'all' one can also set it to 'ssl', key manager and trust manager - which may help in your case. Setting it to 'help' will list something like below on most platforms.

无论如何 - 务必确保您完全了解密钥库(您拥有用于证明自己身份的私钥和证书)和信任库(决定您信任谁)之间的区别 - 以及您的自己的身份也有一个到根的信任链"——它与任何到根的链都是分开的,你需要弄清楚你信任的谁".

Regardless - do make sure you fully understand the difference between the keystore (in which you have the private key and cert you prove your own identity with) and the trust store (which determines who you trust) - and the fact that your own identity also has a 'chain' of trust to the root - which is separate from any chain to a root you need to figure out 'who' you trust.

all            turn on all debugging
ssl            turn on ssl debugging

The   following can be used with ssl:
    record       enable per-record tracing
    handshake    print each handshake message
    keygen       print key generation data
    session      print session activity
    defaultctx   print default SSL initialization
    sslctx       print SSLContext tracing
    sessioncache print session cache tracing
    keymanager   print key manager tracing
    trustmanager print trust manager tracing
    pluggability print pluggability tracing

    handshake debugging can be widened with:
    data         hex dump of each handshake message
    verbose      verbose handshake message printing

    record debugging can be widened with:
    plaintext    hex dump of record plaintext
    packet       print raw SSL/TLS packets

来源:# 参见 http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug

这篇关于无法找到请求目标的有效证书路径 - 即使在导入证书后也会出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆