无法使用 java 连接到 HTTPS url

Posted

技术标签:

【中文标题】无法使用 java 连接到 HTTPS url【英文标题】:Unable to connect to HTTPS urls using java 【发布时间】:2013-05-19 10:03:02 【问题描述】:

我想使用 java 读取安全 url (HTTPS)。 我正在尝试以下。它给了我

public static void main(String[] arg) 
    try 
        URL url = new URL("http://www.google.com");
        System.out.println("Connecting to www.google.com");
        URLConnection ucon = url.openConnection();
        System.out.println("Connectied to www.google.com");
        System.out.println("Retrieving contents from www.google.com");
        String htmlContents = getResponseData(ucon);
        System.out.println("Retrieved contents from Yahoo! as follows");
        System.out.println(htmlContents);
     catch (Exception e) 
        e.printStackTrace();

这给了我以下输出。

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:960)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at ReadHtml.getResponseData(ReadHtml.java:24)
    at ReadHtml.main(ReadHtml.java:13)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    at sun.security.validator.Validator.validate(Validator.java:203)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
    ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    ... 18 more

请给我建议什么可以解决这个错误。 注意:我将无法获得证书。所以请不要在获得安全证书时给出答案。

我们将不胜感激任何形式的指导。 谢谢

【问题讨论】:

你在哪里使用 https ? @Aubin 可能是他没有为我们提供代码的唯一方法:getResponseData(ucon);。 @Chintanboman 还为我们提供了此方法的代码。 @Chintanboman 你需要在这个位置添加证书:%JAVA_HOME%\lib\security\cacerts。 看看this。这可能会有所帮助。 【参考方案1】:

试试这个代码:

public static void main(String[] arg) throws Exception 
    String url = "https://google.com";

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[]  new TrustManager() , null);
    SSLContext.setDefault(ctx);

    HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
    conn.setHostnameVerifier(new HostVerifier());
    conn.setRequestMethod("GET");
    conn.connect();
    System.out.println("Response: " + conn.getResponseCode());


private static class HostVerifier implements HostnameVerifier 
    @Override
    public boolean verify(String paramString, SSLSession paramSSLSession) 
     return true;
    


private static class TrustManager implements X509TrustManager 

    @Override
    public X509Certificate[] getAcceptedIssuers() 
    return null;
    

    @Override
    public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
        throws CertificateException 

    

    @Override
    public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
        throws CertificateException

【讨论】:

没有必要完全抛弃安全性。即使他使用自签名证书,他仍然可以执行适当的密钥管理并正确设置信任库。【参考方案2】:

问题似乎是您的信任库中没有该证书,如果您无法将其添加到您的信任库中,请检查此page。

【讨论】:

【参考方案3】:

可以通过配置HostenameVerifierDefaultSSLSocketFactory

来关闭正在运行的进程的验证

见http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/

请注意,这种方法可能会带来安全风险!

【讨论】:

没有必要完全抛弃安全性。即使他使用自签名证书,他仍然可以执行适当的密钥管理并正确设置信任库。

以上是关于无法使用 java 连接到 HTTPS url的主要内容,如果未能解决你的问题,请参考以下文章

无法使用cURL连接到HTTPS站点怎么办

偶尔的 svn:E170013:无法连接到 URL 'https://svn .....' 处的存储库 svn:E730054:运行上下文时出错

无法使用 ngrok 连接到 https://localhost(使用 TLS / SSL)

请求(由 SSLError 引起(“无法连接到 HTTPS URL,因为 SSL 模块不可用。”)PyCharm 请求网站中的错误

无法使用 AS3 连接到 Java 服务器

黑莓手机将无法连接到一些HTTPS的网页。