Unable to find valid certification path to requested target - error even after cert imported
Question
I have a Java client trying to access a server with a self-signed certificate.
When I try to Post to the server, I get the following error:
unable to find valid certification path to requested target
Having done some research on the issue, I then did the following.
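- Saved my server's domain name as a root.cer file.
- In the JRE of my Glassfish server, I ran this:
  keytool -import -alias 示例 -keystore cacerts -file root.cer
- To check that the cert was added to my cacert successfully, I did this:
  keytool -list -v -keystore cacerts
  I can see that the cert is present.
- I then restarted Glassfish and retried the 'post'.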
I am still getting the same error.
I have a feeling this is because my Glassfish is not actually reading the cacert file that I have amended but maybe some other one.
Have any of you had this issue and can push me in the right direction?
Recommended answer
Unfortunately - it could be many things - and lots of app servers and other java 'wrappers' are prone to play with properties and their 'own' take on keychains and what not. So it may be looking at something totally different.
Short of truss-ing - I'd try:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=trustStore ...
to see if that helps. Instead of 'all' one can also set it to 'ssl', key manager and trust manager - which may help in your case. Setting it to 'help' will list something like below on most platforms.
Regardless - do make sure you fully understand the difference between the keystore (in which you have the private key and cert you prove your own identity with) and the trust store (which determines who you trust) - and the fact that your own identity also has a 'chain' of trust to the root - which is separate from any chain to a root you need to figure out 'who' you trust.
all            turn on all debugging
ssl            turn on ssl debugging

The following can be used with ssl:
    record       enable per-record tracing
    handshake    print each handshake message
    keygen       print key generation data
    session      print session activity
    defaultctx   print default SSL initialization
    sslctx       print SSLContext tracing
    sessioncache print session cache tracing
    keymanager   print key manager tracing
    trustmanager print trust manager tracing
    pluggability print pluggability tracing

    handshake debugging can be widened with:
    data         hex dump of each handshake message
    verbose      verbose handshake message printing

    record debugging can be widened with:
    plaintext    hex dump of record plaintext
    packet       print raw SSL/TLS packets
Source: see http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug