无法找到所请求目标的有效证书路径 - 即使在导入证书后也会出错 [英] Unable to find valid certification path to requested target - error even after cert imported
问题描述
我有一个Java客户端试图访问带有自签名证书的服务器。
I have a Java client trying to access a server with a self-signed certificate.
当我尝试发布到服务器时,我收到以下错误:
When I try to Post to the server, I get the following error:
无法找到所请求目标的有效证书路径
unable to find valid certification path to requested target
在对此问题进行了一些研究后,我做了以下事情。
Having done some research on the issue, I then did the following.
- 将我的服务器域名保存为root.cer在我的Glassfish服务器的JRE中,我运行了这个:
keytool -import -alias example -keystore cacerts -file root.cer。 - 要检查证书是否已成功添加到我的cacert,我这样做了:
keytool -list -v -keystore cacerts
我可以看到证书存在。 - 然后我重新启动了Glassfish并退出了'post'。
我仍然遇到同样的错误。
I am still getting thesame error.
我有一种感觉这是因为我的Glassfish实际上并没有阅读我修改过的cacert文件但可能有些ot她的一个。
I have a feeling this is because my Glassfish is not actually reading the cacert file that I have amended but maybe some other one.
你们中有没有人遇到过这个问题,可以把我推向正确的方向吗?
Have any of you had this issue and can push me in the right direction?
推荐答案
不幸的是 - 它可能是很多东西 - 许多应用程序服务器和其他java'包装器'都倾向于使用属性和它们对钥匙链的'自己'接受而不是。所以它可能正在寻找完全不同的东西。
Unfortunately - it could be many things - and lots of app servers and other java 'wrappers' are prone to play with properties and their 'own' take on keychains and what not. So it may be looking at something totally different.
缺少桁架 - 我会尝试:
Short of truss-ing - I'd try:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=trustStore ...
看看是否有帮助。而不是'全部'也可以将其设置为'ssl',密钥管理器和信任管理器 - 这可能对您的情况有所帮助。将其设置为帮助将在大多数平台上列出类似下面的内容。
to see if that helps. Instead of 'all' one can also set it to 'ssl', key manager and trust manager - which may help in your case. Setting it to 'help' will list something like below on most platforms.
无论如何 - 确保您完全理解密钥库(您拥有私有密钥库)之间的区别密钥和证书证明你自己的身份)和信任存储(确定你信任的人) - 以及你自己的身份也对根有一个'信任链' - 这是从任何链到根的独立的事实你需要弄清楚'你信任谁'。
Regardless - do make sure you fully understand the difference between the keystore (in which you have the private key and cert you prove your own identity with) and the trust store (which determines who you trust) - and the fact that your own identity also has a 'chain' of trust to the root - which is separate from any chain to a root you need to figure out 'who' you trust.
all turn on all debugging
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
defaultctx print default SSL initialization
sslctx print SSLContext tracing
sessioncache print session cache tracing
keymanager print key manager tracing
trustmanager print trust manager tracing
pluggability print pluggability tracing
handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing
record debugging can be widened with:
plaintext hex dump of record plaintext
packet print raw SSL/TLS packets
资料来源:#见 http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug
这篇关于无法找到所请求目标的有效证书路径 - 即使在导入证书后也会出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!