找不到请求目标的有效证书路径 - java

Posted

技术标签:

【中文标题】找不到请求目标的有效证书路径 - java【英文标题】:Unable to find valid certification path to requested target - java 【发布时间】:2015-07-16 16:03:41 【问题描述】:

我正在尝试使用 HttpClient 对象连接到网站。它适用于我们通常使用的网站(如谷歌)。但是有一个网站,当我尝试连接时,我的程序给出了这个错误..

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
....................
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
...............

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 27 more

当我尝试从浏览器访问此网址时,我必须点击仍然继续。否则浏览器不会加载页面。它给出了一个隐私错误,说您的连接不是私密的

如何在我的 java 应用程序中解决这个问题..?我希望我的软件与该 url 连接而不会出现任何错误或不要求任何确认。

【问题讨论】:

这能回答你的问题吗? How to ignore SSL certificate errors in Apache HttpClient 4.0 【参考方案1】:

对于HttpClient4.x,以下将全部信任

public static HttpClientBuilder createTrustAllHttpClientBuilder() 
  SSLContextBuilder builder = new SSLContextBuilder();
  builder.loadTrustMaterial(null, (chain, authType) -> true);           
  SSLConnectionSocketFactory sslsf = new 
  SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
  return HttpClients.custom().setSSLSocketFactory(sslsf);

【讨论】:

什么是chain和authype?【参考方案2】:

当我使用TrustSelfSignedStrategy 对象作为HttpClient 的信任材料时,问题得到了解决。

        httpClient = HttpClients.custom()
            .setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
                    .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                    .build()
                )
            ).build();

我使用的代码如上所示..

【讨论】:

以上是关于找不到请求目标的有效证书路径 - java的主要内容,如果未能解决你的问题,请参考以下文章

JDK找不到有效的认证路径

CertPathValidatorException:找不到证书路径的信任锚 - Retrofit Android

Android java.security.cert.CertPathValidatorException:找不到证书路径的信任锚

带有客户端证书(crt,p12)的 OkHttp:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚

调试 javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚

开启zkserver.sh找不到路径