SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
来源:互联网 发布:java微信退款接口开发 编辑:程序博客网 时间:2024/05/21 08:53
Problem
Configured Tomcat to support SSL and deployed this web service on a development Tomcat server. While connect to the deployed web service over SSL connection via this URL : “https://localhost:8443/HelloWorld/hello?wsdl“, it hits
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution
The caused of the problem and solution are both well explain in this article. Below is just the same solution, but demonstrate in my development environment :)
1. Get InstallCert.java
Get a InstallCert.java
file from http://blogs.sun.com/andreas/resource/InstallCert.java
2. Add Trusted Keystore
Run InstallCert.java
, with your hostname and https port, and press “1” when ask for input. It will add your “localhost” as a trusted keystore, and generate a file named “jssecacerts“.
C:\>java InstallCert localhost:8443Loading KeyStore C:\Program Files\Java\jre6\lib\security\cacerts...Opening connection to localhost:8443...Starting SSL handshake... javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at InstallCert.main(InstallCert.java:87)Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:182) ... 9 moreCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 15 more Server sent 1 certificate(s): 1 Subject CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my Issuer CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my sha1 32 3e 15 42 96 ba e9 4d 9c 5d e7 5e 6b 0f 30 23 b4 e3 f4 98 md5 c8 dd a1 af 9f 55 a0 7f 6e 98 10 de 8c 63 1b a5 Enter certificate to add to trusted keystore or 'q' to quit: [1]1 [[ Version: V3 Subject: CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 112947357965195455455273066483466406445953905159886405808238711596263172881963411025536771876968345143852818792324653385474447079095947765738603763623809877708947925605969778439492674142765473599467805403019366266908840470689044459364523220747231216704221781747262219695262340353839314222273672957748320603247 public exponent: 65537 Validity: [From: Tue Dec 14 15:13:51 SGT 2010, To: Mon Mar 14 15:13:51 SGT 2011] Issuer: CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my SerialNumber: [ 4d07192f] ] Algorithm: [SHA1withRSA] Signature:0000: 38 E4 F4 D9 51 B1 5F C1 01 13 32 79 DE 97 26 58 8...Q._...2y..&X0010: 13 08 F1 A0 33 DB B9 90 AF EE 9E AE B9 9B 68 7D ....3.........h.0020: DF E8 7D 79 9D 92 24 4A 76 C9 4C 28 DA 68 B0 62 ...y..$Jv.L(.h.b0030: FF AB 27 03 5C DD 1F C8 77 A2 25 18 DF 0C DC FD ..'.\...w.%.....0040: D3 39 5D 18 B4 BA 4B 36 8C FD C5 80 FF F2 E3 4D .9]...K6.......M0050: 0A 28 57 B9 04 D8 25 F6 FB CA DA 13 0C 36 FB 02 .(W...%......6..0060: 9A B3 B1 28 46 D1 8E C7 D9 1A 5B CE BB A6 6F FD ...(F.....[...o.0070: 6D F2 35 D9 95 43 6E 38 2A 56 E7 31 21 D9 F0 90 m.5..Cn8*V.1!... ] Added certificate to keystore 'jssecacerts' using alias 'localhost-1'
3. Verify Trusted Keystore
Try run the
InstallCert
command again, the connection should be ok now.C:\>java InstallCert localhost:8443Loading KeyStore jssecacerts...Opening connection to localhost:8443...Starting SSL handshake... No errors, certificate is already trusted Server sent 1 certificate(s): 1 Subject CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my Issuer CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=my sha1 32 3e 15 42 96 ba e9 4d 9c 5d e7 5e 6b 0f 30 23 b4 e3 f4 98 md5 c8 dd a1 af 9f 55 a0 7f 6e 98 10 de 8c 63 1b a5 Enter certificate to add to trusted keystore or 'q' to quit: [1]qKeyStore not changed C:\>4.Copy jssecacerts
Copy the generated “jssecacerts” file to your “$JAVA_HOME\jre\lib\security” folder.
5. Done
Run your web service client again, it should be working now.
http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/
- SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
- SunCertPathBuilderException: unable to find valid certification path to requested target
- (已解决)SunCertPathBuilderException: unable to find valid certification path to requested target
- HTTPS中SunCertPathBuilderException: unable to find valid certification path to requested target
- 【cas、tomcat】SunCertPathBuilderException: unable to find valid certification path to requested target
- unable to find valid certification path to requested target'解决办法
- unable to find valid certification path to requested target
- unable to find valid certification path to requested target
- Unable to find valid certification path to requested target
- unable to find valid certification path to requested target
- 彻底解决unable to find valid certification path to requested target
- 20170704unable to find valid certification path to requested target
- PKIX path building failed: unable to find valid certification path to requested target
- 解决PKIX path building failed的问题unable to find valid certification path to requested target
- 解决方案:PKIX path building failed:unable to find valid certification path to requested target
- No more 'unable to find valid certification path to requested target'
- unable to find valid certification path to requested target 我的解决办法
- 现https协议的服务异常:'unable to find valid certification path to requested target'
- 判断字母或数字的函数,c和java
- Oracle中用户用dba可以登录,但是normal的权限登录不了!
- Heritage from father HDU1178 居然TLE!!!
- git send-mail发送patches配置(linux环境,使用Gmail)
- OpenCV Intro - Back Projection
- SunCertPathBuilderException: Unable To Find Valid Certification Path To Requested Target
- Android选择本地图片过大程序停止的总结
- Machine Learning - XIII. Clustering聚类 (Week 8)
- 建立最大堆—数组—Java
- java中PriorityQueue优先级队列使用方法
- 使得公司的根深蒂固
- 利用Objective-C的反射机制和运行时特性实现类静态方法的动态访问(二)
- linux下iwconfig结果中的wlan1修改为wlan0
- 字符集转化/curses