Apache HttpClient异常PKIX路径构建失败[重复]

Posted

技术标签:

【中文标题】Apache HttpClient异常PKIX路径构建失败[重复]【英文标题】:Apache HttpClient exception PKIX path building failed [duplicate] 【发布时间】:2013-12-02 02:07:08 【问题描述】:

我正在创建一个自动登录网站并执行一些任务的应用程序,我不知道为什么当我尝试在 https 页面中执行 get 时出现此异常

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:261)
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:118)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:357)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:218)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:194)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:85)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:214)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:160)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:136)
    at com.paclabs.appmaker.componentes.web.AdsKeyCreator.createAppStartApp(AdsKeyCreator.java:154)
    at com.paclabs.appmaker.core.Main.main(Main.java:80)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 29 more

这是产生此异常的代码:

htmlResponseHandler handler = new HtmlResponseHandler(httpClient);
HttpGet indexLogin = new   HttpGet
                     ("https://developers.startapp.com/General/Login.aspx");
String retorno = httpClient.execute(indexLogin,handler);
Document doc = Jsoup.parse(retorno);

我只想用HttpClient做一个简单的get请求,怎么办?

【问题讨论】:

你的 JVM 中没有 SSL 证书,看看这个:***.com/questions/1828775/… 我认为这是***.com/questions/2703161/… 的欺骗,而不是链接... 【参考方案1】:

解决问题的最简单(且不安全)的方法是忽略 SSL 证书错误将 false 传递给 validateTLSCertificates 方法:

Jsoup
    .connect("https://developers.startapp.com/General/Login.aspx")
    .validateTLSCertificates(false)
    .execute();

【讨论】:

【参考方案2】:

忽略证书或使用 SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER,您的证书似乎是自签名的

【讨论】:

ALLOW_ALL_HOSTNAME_VERIFIER 与接受自签名证书无关。

以上是关于Apache HttpClient异常PKIX路径构建失败[重复]的主要内容,如果未能解决你的问题,请参考以下文章

sun.security.validator.ValidatorException 的 JDBC 异常:PKIX 路径构建失败

Centos 7 中的 PKIX 路径构建失败

建立 SSL 连接时,PKIX 路径构建失败

Maven 打包报错sun.security.validator.ValidatorException: PKIX path

如何忽略 PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException?

找不到 PropertySource:Spring Cloud 配置 URL 的 PKIX 路径构建失败