2013-07-31 62 views
0

JDK cannot find a valid certification path

I have a certificate problem. This is my stack trace:

trustStore is: /usr/user/programs/java/jdk1.7.0_10/jre/lib/security/jssecacerts 
trustStore type is : jks 
trustStore provider is : 
init truststore 
adding as trusted cert: 
Subject: EMAILADDRESS=******, CN=865409164, OU=http://www.sistem.net, O=DOO, L=Citluk, ST=Text, C=BA 
Issuer: EMAILADDRESS=***********, CN=ecommtest.rbbh.ba, OU=ITRIOSS.CARD, O=BANK, L=CITY, ST=******, C=BA 

Algorithm: RSA; Serial number: 0xf6e5b0e213f9b11b
Valid from Tue Jul 30 14:43:23 CEST 2013 until Wed Jul 30 14:43:23 CEST 2014

and at the end, I get this:

*** 
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA] 
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown 
main, WRITE: TLSv1 Alert, length = 2 
[Raw write]: length = 7 
0000: 15 03 01 00 02 02 2E        ....... 
main, called closeSocket() 
main, handling exception: javax.net.ssl.SSLHandshakeException:  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
main, called close() 
main, called closeInternal(true) 

I obtained the certificate as PKCS12, then I imported the key with keytool into jssecacerts and copied it to JDK/jre/lib/security.

I use Apache HttpClient to perform the POST request.

Thanks for any help

Zlaja

+0

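Can you clarify what you are doing? Are you trying to use client-certificate authentication? Also, the PKCS12 does not need to be imported into jre/lib/security/cacerts. The issuer's certificate needs to go in there. –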

+0

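I want to connect to another company's server. I have that company's PKCS12 certificate. I use Apache HttpClient 4.1 to make the POST request. I tried many ideas I found on the internet, but without success. – zlaja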

+0

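You need to identify the issuer certificate, and then I would suggest you consider loading the PKCS#12 and the issuer certificate into a single JKS keystore. Then configure the socket factory to use that store as both the keystore and the truststore. –

Answers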

0

We have found a solution. These are the steps:

  1. Run InstallCert from https://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java. It will create jssecacerts.

  2. Back up your cacerts from JRE/lib/security

  3. Replace cacerts with jssecacerts

  4. Change your code like this:

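    import java.io.FileInputStream
    import java.security.{KeyStore, SecureRandom}
    import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}
    import org.apache.http.conn.scheme.{Scheme, SchemeRegistry}
    import org.apache.http.conn.ssl.SSLSocketFactory
    import org.apache.http.impl.client.DefaultHttpClient
    import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager
    import org.apache.http.params.BasicHttpParams

    // Client key store: the PKCS#12 file with the client certificate and private key
    val clientStore = KeyStore.getInstance("PKCS12")
    clientStore.load(new FileInputStream("/home/zlaja/Downloads/imakstore_80009164.p12"), "12348765".toCharArray())

    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(clientStore, "12348765".toCharArray())
    val kms = kmf.getKeyManagers()

    // Trust store: the cacerts file that was replaced in step 3
    val trustStore = KeyStore.getInstance("JKS")
    trustStore.load(new FileInputStream("/usr/user/programs/java/jdk1.7.0_10/jre/lib/security/cacerts"), "changeit".toCharArray())

    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)
    val tms = tmf.getTrustManagers()

    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(kms, tms, new SecureRandom())

    // Register an HTTPS scheme whose socket factory uses the SSLContext built above
    val schemeRegistry = new SchemeRegistry()
    schemeRegistry.register(new Scheme("https", new SSLSocketFactory(sslContext), 443))

    val httpParameters = new BasicHttpParams()
    val client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParameters, schemeRegistry), httpParameters)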
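
An added example, not part of the original answer or of any project's code: one way to follow the comment's advice that only the issuer's certificate belongs in the trust store, building that store in memory so the JRE-wide `cacerts` file is left untouched. The issuer certificate file (obtained from the server operator), the `P12_PASSWORD` environment variable and the `partner-issuer` alias are assumptions for illustration.

```scala
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}

object DedicatedTrustStore {

  // Trust store holding only the issuer (CA) certificate, read from a PEM or DER file.
  def issuerTrustStore(issuerCertPath: String): KeyStore = {
    val stream = new FileInputStream(issuerCertPath)
    try {
      val cert = CertificateFactory.getInstance("X.509").generateCertificate(stream)
      val ks = KeyStore.getInstance(KeyStore.getDefaultType())
      ks.load(null, null) // start empty: nothing from the JRE-wide cacerts is trusted
      ks.setCertificateEntry("partner-issuer", cert) // hypothetical alias
      ks
    } finally stream.close()
  }

  // Client key store: the PKCS#12 file with the private key and client certificate.
  def clientKeyStore(p12Path: String, password: Array[Char]): KeyStore = {
    val stream = new FileInputStream(p12Path)
    try {
      val ks = KeyStore.getInstance("PKCS12")
      ks.load(stream, password)
      ks
    } finally stream.close()
  }

  // Key managers present the client certificate; trust managers accept only the issuer.
  def sslContext(p12Path: String, password: Array[Char], issuerCertPath: String): SSLContext = {
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(clientKeyStore(p12Path, password), password)
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(issuerTrustStore(issuerCertPath))
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null) // null = default SecureRandom
    ctx
  }

  def main(args: Array[String]): Unit = {
    // Usage: DedicatedTrustStore <client.p12> <issuer-cert.pem>, password taken from the environment
    val password = sys.env.getOrElse("P12_PASSWORD", sys.error("set P12_PASSWORD")).toCharArray
    val ctx = sslContext(args(0), password, args(1))
    println("SSLContext ready, protocol: " + ctx.getProtocol())
  }
}
```

The returned context can be handed to HttpClient 4.1's `SSLSocketFactory(SSLContext)` constructor; because the trust store is scoped to this one connection, other applications on the same JRE keep the default trust anchors.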
    
-1

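I had this problem as well, but I finally have a solution that works for my JAX-WS client.

In my case, the problem was that JAX could not look in any keystore other than cacerts, and my certificate had 2 links and could not be imported into cacerts through the command line.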
