我試圖檢索使用Java的使用SSL證書的論壇的索引頁:Java「的sun.security.validator.ValidatorException:PKIX路徑建設失敗」證書驗證錯誤
WebClient webClient = new WebClient(...);
HtmlPage sectionPage = webClient.getPage("https://rstforums.com/");
我已經在調用任何與SSL相關的方法之前以編程方式推薦here禁用SNI。在第二次回答this問題,並從this一個我加入論壇的證書,證書列表中的第三:
C:\Program Files\Java\jdk1.8.0_65\jre\lib\security>keytool -import -alias RST_CERT -file forums_certificate -keystore cacerts
其中forums_certificate
包含:
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIQLIJ9H3N2RZkAeZ8Jmma6RzANBgkqhkiG9w0BAQsFADBI
MRswGQYDVQQDExJFU0VUIFNTTCBGaWx0ZXIgQ0ExHDAaBgNVBAoTE0VTRVQsIHNw
b2wuIHMgci4gby4xCzAJBgNVBAYTAlNLMB4XDTE1MTEyNDEyNTI0MFoXDTE2MTEy
NDEyNTMyMlowWjELMAkGA1UEBhMCUk8xGjAYBgNVBAMTEXd3dy5yc3Rmb3J1bXMu
Y29tMS8wLQYJKoZIhvcNAQkBFiByc3Rmb3J1bXMuY29tQGRvbWFpbnNieXByb3h5
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9jSCt9p+g3wdP9
KhmNQuB5NZMlDoL0A5ONzUat5RPf1iQ91+1EWfS1j93X6m5mMSs5+RMc259TjMPv
oxSq9lK7Z0ZwUdHPkjVmMDKOOlho2zh1ZTh7W26dT8UmeuofgFCxaJBuThalWkpg
qT5GgpcuIXWQVlB4vD43/wdPhWFUZ1QhFgK/HppiXVfKNbBRNM69iSbjzkBbstXI
68yLxtbzwOqEdIpJ5CWxQCr0+BCk7SPGHyXbJaVL1SuQ/7Th8PkJd43bBTLsVY5w
WemSZfEoqeCeHUxeMSdMy1FKkUBTlvZBn+KBVUAJ419rE+Jgrp4tikwjJxEjB/Ko
Uwdkb9ECAwEAAaNuMGwwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAd
BgNVHQ4EFgQU9+VnJO4u71+3bAS9hYFiXtzG+FswKwYDVR0RBCQwIoIRd3d3LnJz
dGZvcnVtcy5jb22CDXJzdGZvcnVtcy5jb20wDQYJKoZIhvcNAQELBQADggEBAHxq
icR/mSh0TTQlb6SreCyxNyO4KflAOnp3yFnFStVo7wxI5Ixb2jCUP/IGxSwJeN2p
AEzAWXls9NoMVcEIbIfGcdsvJS1yyh6GeWVzBrMNOde1/2590ipsPKyQAk2j1zPl
96kWnPWTB6DtSbB3AI4dWeawwkh2D5+NL5HMjQwm3Lb3EhKQgBPLboygg12E+JXP
ydZjIZWC/42nN5ZMHXXrGnxac5F3tMwkyng0qDWLpSoa3c3ep43Tgwo08RFuZzuV
7hvvG006M4QMQj/nbQXzhbjko3cRVegvV9xKnNxe5oCArTK5HNkfPhEM/G48ed4h
z99OS5+RiB/NLTfzlPc=
-----END CERTIFICATE-----
證書已經成功添加並出現在列出其條目時的密鑰庫:
rst_cert, Feb 3, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): 25:39:98:FC:FF:DE:2D:24:BC:F0:78:93:D6:2E:5A:55:64:D5:09:8A
當我嘗試重新運行應用程序時一個新的請求,被賦予了同樣的錯誤:
sun.security.validator.ValidatorException: PKIX path building failed: sun.securi
ty.provider.certpath.SunCertPathBuilderException: unable to find valid certifica
tion path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
a:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
ava:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
pl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
agerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1491)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBu
ilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
PathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 15 more
我有建議here(下載SSLPoke),但錯誤依然存在。爲什麼證書不被識別?
你使用的是'HtmlUnit'嗎?如果是,爲什麼不禁用/忽略SSL檢查? –
您是否檢查證書的內容?它說「www.rstforums.com」而不是「forum.com」。 –
@ Eng.Fouad我確實禁用了它。 – Sebi