1. 首頁
  2. 問答
  3. PKIX路徑建設失敗:sun.security.provider.certpath.SunCertPathBuilderException:無法找到請求的目標

PKIX路徑建設失敗:sun.security.provider.certpath.SunCertPathBuilderException:無法找到請求的目標

2013-02-18 566 views
6

我提出Web服務調用直通到Tomcat 7.x的PKIX路徑建設失敗:sun.security.provider.certpath.SunCertPathBuilderException:無法找到請求的目標

TLS連接(HTTPS)雖然調用有效證書路徑WebService,我收到以下錯誤。會有什麼問題?我曾嘗試創建證書和CA.

僅供參考 - https://sites.google.com/site/ddmwsst/create-your-own-certificate-and-ca

我導入CA證書等證書,仍然我得到這個問題。請指教。

Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:8443/myDomain/MyService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source) 
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) 
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) 
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:262) 
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:205) 
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92) 
... 37 more 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) 
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:632) 
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:189) 
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:799) 
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) 
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123) 
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237) 
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300) 
    ... 43 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
    at sun.security.validator.Validator.validate(Validator.java:260) 
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) 
    ... 61 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

我正在通過本地創建來測試證書。所以我遵循了這些步驟。

密鑰>密鑰工具-genkey -alias TLS -keystore TLSKeyStore.jks -keyalg RSA -sigalg SHA1withRSA 密鑰>密鑰工具-export -alias TLS -file TLS.cer -keystore TLSKeyStore.jks 密鑰>密鑰工具-certreq -alias TLS -keystore TLSKeyStore.jks -file TLS.csr

CA>設置RANDFILE = RAND

CA> OpenSSL的REQ -new -keyout TLSkey.pem -out TLSreq.pem -config C:\ OpenSSL的-Win64的\ bin \ openssl.cfg

CA> openssl x509 -signkey TLSkey.pem -req -days 3650 -in TLSreq.pem -out TLSroot.cer -extensions v3_ca

CA> OpenSSL的X​​509 -CA TLSroot.cer -CAkey TLSkey.pem -CAserial serial.txt -req -in ../Keys/TLS.csr -out ../Keys/TLSTestCA.cer -days 365

密鑰>密鑰工具-import -alias TLSCA -file ../CA/TLSroot.cer -keystore TLSKeyStore.jks 密鑰>密鑰工具-import -alias TLS -file TLSTestCA.cer -keystore TLSKeyStore.jks

來源

2013-02-18 Sriks

回答

4

最後我有辦法解決這個問題。

請在此鏈接中輸入InstallCert.java。通過傳遞參數localhost:9443和Program創建jssecacerts文件在eclipse下運行該程序作爲Standalone。 將這個jssecacerts文件複製到您的JDK_HOME \ jre \ lib \ security \文件夾中。這應該可以解決問題

快樂TLS設置!

來源

2013-02-19 21:28:04 Sriks

+2

該程序的稍微修改版本可在http://infposs.blogspot.it/2013/06/installcert-and-java-7.html獲得 它解決了Java 7中的問題(第二次運行InstallCert時檢查證書是否已正確安裝,爲UnsupportedOperationExcetpion)。 – Pino 2014-02-12 12:06:11

3

下面是如何導入證書,以解決以下錯誤整體摘要:

Error while trying to execute request. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

如何導入證書

  1. 轉到在瀏覽器中的網址,點擊HTTPS證書鏈(URL地址旁邊的小鎖符號)至導出證書
    • 點擊「更多信息」>「安全」>「顯示證書」>「詳細信息」>「導出..」。
    • 另存爲.der
    • 重複以上步驟,你需要導入
  2. 找到$ JAVA_HOME/JRE/lib/security中/ cacerts的

  3. 導入所有* .der文件任何證書使用以下方法將其轉換爲cacerts文件:

    sudo keytool -import -alias mysitestaging -keystore $JAVA_HOME/jre/lib/security/cacerts -file staging.der 
sudo keytool -import -alias mysiteprod -keystore $JAVA_HOME/jre/lib/security/cacerts -file prod.der 
sudo keytool -import -alias mysitedev -keystore $JAVA_HOME/jre/lib/security/cacerts -file dev.der

  4. 的默認密鑰庫密碼是「的changeit」

  5. 您可以查看您使用此命令,顯示證書指紋所做的更改。

    keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

  6. 如果這不能解決問題,請嘗試將這些Java選項參數:

    -Djavax.net.ssl.trustStore="$JAVA_HOME/jre/lib/security/cacerts" 
-Djavax.net.ssl.trustStorePassword="changeit"

我的猜測是,你可能已經錯過了一步。我有同樣的錯誤,直到我意識到我導入了錯誤的證書

來源

2016-10-18 17:51:58 Kayvar

相關問題

 相關問題