unable to find valid certification path to requested target

Posted 叫我姜同学

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了unable to find valid certification path to requested target相关的知识,希望对你有一定的参考价值。

unable to find valid certification path to requested target

unable to find valid certification path to requested target

1.问题描述

很诡异的问题,虽然解决了,但是没找到原因,如果看到这篇文章的大佬们知道原因,可以评论区留个言!

项目中要上传文件,这时就会访问oss的地址,然后遇到了unable to find valid certification path to requested target问题,如下图

如果是第一次访问就遇到这个问题,可能会考虑是代码问题或其他问题,但我之前一直没啥问题,这突然就来个这个,有点想不通,现在只能怀疑是网络问题,因为最近做了变化的就只有网络;哦不对,对JDK的环境变量也做了修改,这个可能性也比较大,不知道啥原因…

2. 解决方案

遇到问题没关系,解决就好了!

通过报错定位到问题就是在上传文件时出现的, 那这个报错是因为缺少认证,所以解决办法就是添加一个文件存储地址的认证就好了。所以,这里如果你是访问其他地址出现的问题,那直接添加该地址的认证就好了

3. 具体步骤
1.新建文件 InstallCert.java,将下面内容复制到该文件
/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
 
public class InstallCert 
 
	public static void main(String[] args) throws Exception 
		String host;
		int port;
		char[] passphrase;
		if ((args.length == 1) || (args.length == 2)) 
			String[] c = args[0].split(":");
			host = c[0];
			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
			String p = (args.length == 1) ? "changeit" : args[1];
			passphrase = p.toCharArray();
		 else 
			System.out
					.println("Usage: java InstallCert <host>[:port] [passphrase]");
			return;
		
 
		File file = new File("jssecacerts");
		if (file.isFile() == false) 
			char SEP = File.separatorChar;
			File dir = new File(System.getProperty("java.home") + SEP + "lib"
					+ SEP + "security");
			file = new File(dir, "jssecacerts");
			if (file.isFile() == false) 
				file = new File(dir, "cacerts");
			
		
		System.out.println("Loading KeyStore " + file + "...");
		InputStream in = new FileInputStream(file);
		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
		ks.load(in, passphrase);
		in.close();
 
		SSLContext context = SSLContext.getInstance("TLS");
		TrustManagerFactory tmf = TrustManagerFactory
				.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);
		X509TrustManager defaultTrustManager = (X509TrustManager) tmf
				.getTrustManagers()[0];
		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
		context.init(null, new TrustManager[]  tm , null);
		SSLSocketFactory factory = context.getSocketFactory();
 
		System.out
				.println("Opening connection to " + host + ":" + port + "...");
		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
		socket.setSoTimeout(10000);
		try 
			System.out.println("Starting SSL handshake...");
			socket.startHandshake();
			socket.close();
			System.out.println();
			System.out.println("No errors, certificate is already trusted");
		 catch (SSLException e) 
			System.out.println();
			e.printStackTrace(System.out);
		
 
		X509Certificate[] chain = tm.chain;
		if (chain == null) 
			System.out.println("Could not obtain server certificate chain");
			return;
		
 
		BufferedReader reader = new BufferedReader(new InputStreamReader(
				System.in));
 
		System.out.println();
		System.out.println("Server sent " + chain.length + " certificate(s):");
		System.out.println();
		MessageDigest sha1 = MessageDigest.getInstance("SHA1");
		MessageDigest md5 = MessageDigest.getInstance("MD5");
		for (int i = 0; i < chain.length; i++) 
			X509Certificate cert = chain[i];
			System.out.println(" " + (i + 1) + " Subject "
					+ cert.getSubjectDN());
			System.out.println("   Issuer  " + cert.getIssuerDN());
			sha1.update(cert.getEncoded());
			System.out.println("   sha1    " + toHexString(sha1.digest()));
			md5.update(cert.getEncoded());
			System.out.println("   md5     " + toHexString(md5.digest()));
			System.out.println();
		
 
		System.out
				.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
		String line = reader.readLine().trim();
		int k;
		try 
			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
		 catch (NumberFormatException e) 
			System.out.println("KeyStore not changed");
			return;
		
 
		X509Certificate cert = chain[k];
		String alias = host + "-" + (k + 1);
		ks.setCertificateEntry(alias, cert);
 
		OutputStream out = new FileOutputStream("jssecacerts");
		ks.store(out, passphrase);
		out.close();
 
		System.out.println();
		System.out.println(cert);
		System.out.println();
		System.out
				.println("Added certificate to keystore 'jssecacerts' using alias '"
						+ alias + "'");
	
 
	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
 
	private static String toHexString(byte[] bytes) 
		StringBuilder sb = new StringBuilder(bytes.length * 3);
		for (int b : bytes) 
			b &= 0xff;
			sb.append(HEXDIGITS[b >> 4]);
			sb.append(HEXDIGITS[b & 15]);
			sb.append(' ');
		
		return sb.toString();
	
 
	private static class SavingTrustManager implements X509TrustManager 
 
		private final X509TrustManager tm;
		private X509Certificate[] chain;
 
		SavingTrustManager(X509TrustManager tm) 
			this.tm = tm;
		
 
		public X509Certificate[] getAcceptedIssuers() 
			throw new UnsupportedOperationException();
		
 
		public void checkClientTrusted(X509Certificate[] chain, String authType)
				throws CertificateException 
			throw new UnsupportedOperationException();
		
 
		public void checkServerTrusted(X509Certificate[] chain, String authType)
				throws CertificateException 
			this.chain = chain;
			tm.checkServerTrusted(chain, authType);
		
	
 

2. 在该文件所在文件夹内,打开shell

可通过在文件所在文件内,按住shift,然后右键选择 在终端中打开, 如果是其他系统,是在此处打开PowerShell

也可以通过cmd使用命令行到达该目录

3.编译 InstallCert.java文件

命令: javac InstallCert.java, 编译通过后,会发现文件内多了.class文件

4. 执行程序

命令: java InstallCert xxx.com

注: 这里的 xxx.com是你要添加认证的地址(hostname),可自定义,例如 www.baidu.com, weibo.com

执行上述命令后,会出现上图异常,会让你输入 [1]qq是退出,直接输入1即可!

输入完 1 , 回车执行,执行完成图片如下:

5. 生成文件,复制到 执行目录下

执行结束后,会自动生成 jssecacerts文件,如下图

将改文件复制到你 JDK下的 \\jre\\lib\\security目录下,如下图

6. 重启项目服务,再次执行,问题解决

IDEA unable to find valid certification path to requested target

一、报错

Could not transfer artifact org.apache.maven.plugins:maven-install-plugin:pom:2.4 from/to alimaven (https://maven.aliyun.com/repository/central): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

二、解决

添加参数

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

技术图片

以上是关于unable to find valid certification path to requested target的主要内容,如果未能解决你的问题,请参考以下文章

IDEA unable to find valid certification path to requested target

unable to find valid certification path to requested target

已解决Https请求报错:unable to find valid certification path to requested target

已解决Https请求报错:unable to find valid certification path to requested target

已解决Https请求报错:unable to find valid certification path to requested target

请求https错误: unable to find valid certification path to requested target