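HTTPS certificate validation error: Trust anchor for certification path not found
Source: Internet  Published by: 剩余windows重置计数2  Editor: 程序博客网  Time: 2024/06/02 04:53
A certificate issued by a legitimate certificate authority fails system validation on Android and raises the following exception: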
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
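1. Cause:
The server's certificate chain is misconfigured: the intermediate certificates are missing.
2. Solution from Stack Overflow:
Fix the certificate chain configuration on the server.
3. You can use openssl to test whether the certificate chain is configured correctly. Below is Alipay's certificate chain; a misconfigured chain usually contains only your server's own certificate.
Working around the error by changing the HTTPS client to skip certificate validation introduces a security risk and results in an insecure connection.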
openssl s_client -debug -connect www.alipay.com:443
---
Certificate chain
0 s:/C=CN/ST=ZHEJIANG/L=HANGZHOU/O=Alipay.com Co.,Ltd/OU=Operations Department/CN=*.alipay.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Original: http://stackoverflow.com/questions/6825226/trust-anchor-not-found-for-android-ssl-connection
Contrary to the accepted answer you do not need a custom trust manager, you need to fix your server configuration!
I hit the same problem while connecting to an Apache server with an incorrectly installed dynadot/alphassl certificate. I'm connecting using HttpsUrlConnection (Java/Android), which was throwing -
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertPathValidatorException:
Trust anchor for certification path not found.
The actual problem is a server misconfiguration - test it with http://www.digicert.com/help/ or similar, and it will even tell you the solution:
"The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform."
You can also check the certificate with openssl:
openssl s_client -debug -connect www.thedomaintocheck.com:443
You'll probably see:
Verify return code: 21 (unable to verify the first certificate)
and, earlier in the output:
depth=0 OU = Domain Control Validated, CN = www.thedomaintocheck.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = www.thedomaintocheck.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, CN = www.thedomaintocheck.com
verify error:num=21:unable to verify the first certificate
The certificate chain will only contain 1 element (your certificate):
Certificate chain
0 s:/OU=Domain Control Validated/CN=www.thedomaintocheck.com
i:/O=AlphaSSL/CN=AlphaSSL CA - G2
... but should reference the signing authorities in a chain back to one which is trusted by Android (Verisign, GlobalSign, etc):
Certificate chain
0 s:/OU=Domain Control Validated/CN=www.thedomaintocheck.com
i:/O=AlphaSSL/CN=AlphaSSL CA - G2
1 s:/O=AlphaSSL/CN=AlphaSSL CA - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
Instructions (and the intermediate certificates) for configuring your server are usually provided by the authority that issued your certificate, for example: http://www.alphassl.com/support/install-root-certificate.html
After installing the intermediate certificates provided by my certificate issuer I now have no errors when connecting using HttpsUrlConnection.
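The chain check described above can be scripted. The following is an added example, not part of the original post or of the quoted answer: a shell function that reads openssl s_client output and classifies its "Certificate chain" block. The function name chain_verdict, its verdict words and the two sample inputs (constructed from the listings above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the "Certificate chain" block of s_client output.
# Reads the output on stdin and prints exactly one verdict word.
chain_verdict() {
  awk '
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && $0 == "---" { in_chain = 0 }
    # Subject line: "<depth> s:<subject DN>"
    in_chain && /^[ \t]*[0-9]+[ \t]+s:/ {
      line = $0; sub(/^[ \t]*[0-9]+[ \t]+s:/, "", line); subj[n++] = line; next
    }
    # Issuer line: "i:<issuer DN>", belongs to the subject read just before
    in_chain && /^[ \t]*i:/ {
      line = $0; sub(/^[ \t]*i:/, "", line); if (n > 0) iss[n - 1] = line
    }
    END {
      if (n == 0) { print "no-chain"; exit }
      # Each certificate must be issued by the next one the server sent.
      for (k = 0; k < n - 1; k++)
        if (iss[k] != subj[k + 1]) { print "broken-link-at-" k; exit }
      # Only a non-self-signed leaf was sent: the client would have to know
      # the intermediate already, which is the failure described in the text.
      if (n == 1 && iss[0] != subj[0]) { print "leaf-only"; exit }
      print "linked-" n
    }'
}

# Constructed sample inputs, modelled on the two chain listings in the text.
LEAF_ONLY='Certificate chain
 0 s:/OU=Domain Control Validated/CN=www.thedomaintocheck.com
   i:/O=AlphaSSL/CN=AlphaSSL CA - G2
---'
FULL='Certificate chain
 0 s:/OU=Domain Control Validated/CN=www.thedomaintocheck.com
   i:/O=AlphaSSL/CN=AlphaSSL CA - G2
 1 s:/O=AlphaSSL/CN=AlphaSSL CA - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
 2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---'

printf '%s\n' "$LEAF_ONLY" | chain_verdict   # leaf-only
printf '%s\n' "$FULL" | chain_verdict        # linked-3
```

Against a live server, pipe the real output in: openssl s_client -connect www.thedomaintocheck.com:443 </dev/null 2>/dev/null | chain_verdict. A linked-N verdict only shows that the certificates the server sent link to each other; the issuer of the last one must still be a root in the client's trust store.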