解决Java在请求某些不受信任的https网站时会报:PKIX path building failed
来源:互联网 发布:淘宝商品详情api 编辑:程序博客网 时间:2024/06/05 11:35
Java在请求某些不受信任的https网站时会报:
发送GET请求出现异常!javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.pachong.util.http.HttpRequest.sendGet(HttpRequest.java:51)
at com.pachong.util.http.HttpRequest.main(HttpRequest.java:130)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 19 more
解决办法:
1、手动导入证书到本地证书库
2、信任所有SSL证书
最好的解决办法或许是信任所有SSL证书,因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法,在连接openConnection的时候忽略掉证书就行了。
先说第二种 用程序重写方法 信任所有SSL证书新建一个工具类SslUtil.java 在打开连接之前调用此类 ignoreSsl()方法
package SslUtils;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net.ssl.HostnameVerifier;import javax.net.ssl.HttpsURLConnection;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLSession;import javax.net.ssl.TrustManager;import javax.net.ssl.X509TrustManager;public class SslUtil {private static void trustAllHttpsCertificates() throws Exception { TrustManager[] trustAllCerts = new TrustManager[1]; TrustManager tm = new miTM(); trustAllCerts[0] = tm; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, null); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } static class miTM implements TrustManager,X509TrustManager { public X509Certificate[] getAcceptedIssuers() { return null; } public boolean isServerTrusted(X509Certificate[] certs) { return true; } public boolean isClientTrusted(X509Certificate[] certs) { return true; } public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { return; } public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException { return; } } /** * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用 * @throws Exception */ public static void ignoreSsl() throws Exception{ HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost()); return true; } }; trustAllHttpsCertificates(); HttpsURLConnection.setDefaultHostnameVerifier(hv); } }
另外一种方法 导入证书
例如下载360 的安全证书,使用浏览器打开要调用的接口链接:https://api.e.360.cn/account/clientLogin,然后查看证书导出证书到本地,文件名取成 调用api的域名api.e.360.cn
将数字证书保存到jdk1.6.0_17\jre\lib\security, 将该目录下的cacerts 设置成可读写权限。
在该目录下打开cmd 运行
keytool -import -trustcacerts -alias api.e.360.cn -file api.e.360.cn.cer -keystore cacerts -storepass changeit
注意:cacerts 文件的读写权是否有
- 解决Java在请求某些不受信任的https网站时会报:PKIX path building failed
- Java 信任所有SSL证书(解决PKIX path building failed问题)
- Java 信任所有SSL证书(解决PKIX path building failed问题)
- 解决PKIX path building failed的问题
- 解决PKIX path building failed的问题,忽略证书信任问题
- 【fastweixin框架教程3】JAVA进行HTTPS网站访问,PKIX path building failed解决方法
- Java#PKIX path building failed
- https 常见问题一 PKIX path building failed
- 解决PKIX path building failed的问题-验证可以解决问题
- 解决PKIX path building failed的问题-验证可以解决问题
- 解决PKIX path building failed的问题以及示例
- PKIX path building failed
- PKIX path building failed
- PKIX path building failed 的问题
- PKIX path building failed 的问题
- PKIX path building failed 的问题
- 关于PKIX path building failed的问题
- PKIX path validation failed记录java访问https的点点
- Linux 下安装JDK,并配置相关环境变量
- Vim自动补全神器:YouCompleteMe
- AI淘汰80万工人,却创造了350万个新岗位!
- echarts改变默认标记类型
- myslq 计划年龄
- 解决Java在请求某些不受信任的https网站时会报:PKIX path building failed
- 让你更容易理解java中类之间的6种关系
- 使用 XmlInclude 或 SoapInclude 特性静态指定非已知的类型。解决方案一例
- 如何编写优质代码的十条不能错过的法则
- MAP@K metric for keras with tensorflow backend
- Java输出结果保留两位小数
- 处理程序 在其模块列表中有一个错误模块“ManagedPipelineHandler”
- selenium加代理ip
- Linux下修改主机名与ip的配置