unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

【Title】: unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
【Posted】: 2018-04-23 09:16:34
【Question】:

I created a custom keystore file xyz.jsk, and when I try to use this file I get an exception:

org.springframework.web.client.ResourceAccessException: I/O error on POST request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    String keyStorePassword = "NEWPASSWORD";
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader classLoader = getClass().getClassLoader();
    // File file = new File(classLoader.getResource(keyStoreFile).getFile());

    File file = new File(dir, "xyz.jks");

    keyStore.load(new FileInputStream(file), keyStorePassword.toCharArray());

    // xyz.jks is passed only as key material (client credentials);
    // trust material is the default trust store plus TrustSelfSignedStrategy
    SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
            new SSLContextBuilder()
                    .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                    .loadKeyMaterial(keyStore, keyStorePassword.toCharArray())
                    .build(),
            NoopHostnameVerifier.INSTANCE); // hostname verification is turned off

    HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();

    HttpComponentsClientHttpRequestFactory httpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
    restTemplate.setRequestFactory(httpRequestFactory);

    ((HttpComponentsClientHttpRequestFactory) restTemplate.getRequestFactory())
            .setConnectTimeout(Integer.parseInt(strTimeOut));
    ResponseEntity<String> responseEntity = restTemplate.exchange(urlPath, HttpMethod.POST, entity, clazz);

【Answer 1】:

A programmatic solution for the certificate problem. Please check the following imports:

import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

import org.glassfish.jersey.client.ClientConfig; // assumption: ClientConfig is Jersey's class

Now the function:

ClientConfig clientConfig = getClientConfig();

// Trust manager that accepts every certificate chain without validating it
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public void checkClientTrusted(X509Certificate[] certs, String authType) {
    }

    public void checkServerTrusted(X509Certificate[] certs, String authType) {
    }
} };
SSLContext sc = null;
try {
    sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new SecureRandom());
    // Also becomes the JVM-wide default for HttpsURLConnection
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
    // do nothing
}

// The hostname verifier below accepts any host name
Client client = ClientBuilder.newBuilder().withConfig(clientConfig).sslContext(sc).hostnameVerifier((s1, s2) -> true)
    .build();

