为什么根证书不受Java客户端信任，即使它已经在cacerts密钥存储中 [英] Why a root certificate is not trusted by java client, even though it is already in the cacerts key store

问题描述

在我的java项目中调用Web服务时遇到问题。 Web服务客户端在WebSphere 7中部署的java ee应用程序中运行。SSL证书链具有Go Daddy Class 2证书颁发机构的根证书。我确实看到它在WebsPhere JVM文件夹下的cacerts文件，但我不断得到不受信任的证书错误：

I am experiencing an issue when calling web service in my java project. The web service client is running in an java ee application deployed in WebSphere 7. The SSL certificate chain is having the root certificate of Go Daddy Class 2 Certificate Authority. and I do see it in the cacerts file under the WebsPhere JVM folder, but I am keeping getting untrusted certificate error:

java.security.cert.CertPathValidatorException: The certificate issued by OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error

出了为什么得到这个错误，以及我如何可以解决这个问题。请帮助我。

Cant figure out why getting this error, and how I can resolve this issue. Please help me.

1. Web服务在服务器A中运行，客户端在我的计算机上运行时运行良好，cacerts我的机器包括该根证书。


2. 当客户端与Web应用程序部署到服务器A上时，它不工作。


3. 当客户端和web服务部署到使用VeriSign证书链运行的其他env上时，它也可以正常工作。

感谢

推荐答案

链接错误

Chaining error

您没有正确导入链接，或者有错误。我使用GoDaddy证书，我不会得到链接错误，因此更有可能是前者。

You haven't imported the chain correctly, or there is something wrong with it. I use GoDaddy certificates and I don't get chaining errors, so it is more likely the former.

这篇关于为什么根证书不受Java客户端信任，即使它已经在cacerts密钥存储中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！