logo标签列表

"PKIX路径构建失败" 和 "无法找到请求目标的有效认证路径"

javassl-certificatehttpurlconnection
892

我正在尝试在我的Java项目中使用twitter4j库获取推文,在底层使用的是java.net.HttpURLConnection(如堆栈跟踪所示)。在第一次运行时,我遇到了关于证书sun.security.validator.ValidatorExceptionsun.security.provider.certpath.SunCertPathBuilderException的错误。然后我通过以下方式添加了Twitter证书:

C:\Program Files\Java\jdk1.7.0_45\jre\lib\security>keytool -importcert -trustcacerts -file PathToCert -alias ca_alias -keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"

但是没有成功。这里是获取推文的过程:

public static void main(String[] args) throws TwitterException {
    ConfigurationBuilder cb = new ConfigurationBuilder();
    cb.setDebugEnabled(true)
        .setOAuthConsumerKey("myConsumerKey")
        .setOAuthConsumerSecret("myConsumerSecret")
        .setOAuthAccessToken("myAccessToken")
        .setOAuthAccessTokenSecret("myAccessTokenSecret");
    
    TwitterFactory tf = new TwitterFactory(cb.build());
    Twitter twitter = tf.getInstance();
    
    try {
        Query query = new Query("iphone");
        QueryResult result;
        result = twitter.search(query);
        System.out.println("Total amount of tweets: " + result.getTweets().size());
        List<Status> tweets = result.getTweets();
        
        for (Status tweet : tweets) {
            System.out.println("@" + tweet.getUser().getScreenName() + " : " + tweet.getText());
        }
    } catch (TwitterException te) {
        te.printStackTrace();
        System.out.println("Failed to search tweets: " + te.getMessage());
    }

这里是错误:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
    http://www.google.co.jp/search?q=d35baff5 or
    http://www.google.co.jp/search?q=1446302e
TwitterException{exceptionCode=[d35baff5-1446302e 43208640-747fd158 43208640-747fd158 43208640-747fd158], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.5}
    at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177)
    at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
    at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:81)
    at twitter4j.TwitterImpl.get(TwitterImpl.java:1929)
    at twitter4j.TwitterImpl.search(TwitterImpl.java:306)
    at jku.cc.servlets.TweetsAnalyzer.main(TweetsAnalyzer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at twitter4j.internal.http.HttpResponseImpl.<init>(HttpResponseImpl.java:34)
    at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:141)
    ... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 26 more
Failed to search tweets: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
11
你好,请检查下面的网址。我相信这些将对你有所帮助。http://www.java-samples.com/showtutorial.php?tutorialid=210 https://confluence.atlassian.com/display/JIRAKB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed+sun.security.provider.certpath.SunCertPathBuilderException。你需要将你的SSL证书添加到Java信任库证书中(路径:jre/lib/security/cacerts)。 - sus007
4
我刚刚使用了这段 Java 代码,对于 https,请不要忘记将端口指定为 443。 Java 代码位于 https://github.com/escline/InstallCert/blob/master/InstallCert.java它将使用您的 CACERTS 文件,并将添加所有那些以及您输入的 URL 的当前证书。 在我的情况下,我将值硬编码为 host="mywebservice.uat.xyz.com"; port=443; passphrase="changeit".toCharArray();然后,程序会创建一个名为“jssecacerts”的新文件,其中将包含所有内容。将其重命名为“cacerts”并使用此文件。您就可以开始了。 - Reddymails
这个回答解决了你的问题吗? 如何解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed 错误? - rogerdpack
我只是将HTTPS替换为HTTP,它就能正常工作了。也许我的评论对某人有用。 - Oleksandr
当运行mvn时,添加此参数对我有帮助,因为它由于某种原因未使用JAVA_HOME中的默认Java信任存储:-"Djavax.net.ssl.trustStore"="C:\path\to\your\cacerts" - ADJenks
显示剩余2条评论
60个回答
1

我曾遇到这个Java 8的问题,但是升级到Java 11后它得到了解决。

1

以上建议可行,但因为我需要经常使用,所以我想要更简单的命令行解决方案,于是我想出了jssl

TLDR:
jssl example.com install
jssl example.com ping
jssl example.com uninstall

您可以通过homebrew安装jssl:
brew install pmamico/java/jssl
或者无需homebrew:
curl -sL https://raw.githubusercontent.com/pmamico/java-ssl-tools/main/install.sh | bash

它也适用于Windows、macOS和Linux。
查看更多内容请访问https://github.com/pmamico/java-ssl-tools

哇,太棒了!这是一个不可或缺的工具。 - brajmohan
1

对我来说,提出的解决方案都没有起作用。最终我使用了这个变通方法。请记住,这并不是理想的解决方案。

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dmaven.resolver.transport=wagon
0
在我的情况下,我在我的 Mac 上安装了一个代理软件,这是罪魁祸首。
当我尝试在我的 MacBook 上构建项目时,我遇到了这个问题。我尝试了很多解决方案,但都没有起作用。最后发现 IT 团队安装了一个代理软件,并怀疑该代理软件可能会阻止 gradle 下载依赖项。我联系了 IT 团队并卸载了代理软件,然后同步了项目,最终解决了问题。
0

通过Linux终端进行的工作步骤(如下)

  1. 下载URL证书(对我来说,repo.maven.apache.org在抱怨)
openssl s_client -showcerts -connect repo.maven.apache.org:443 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > /tmp/maven_repo.pem
  1. 将证书信息提取到现有的密钥库文件中(假设为 abc.jks
sudo $JAVA_HOME/bin/keytool -trustcacerts -keystore /home/akhilesh/abc.jks  -storepass changeit -importcert -alias mavenrepo -file /tmp/maven_repo.pem
  1. 如果您没有现有的密钥库文件,则可以将其添加到${JAVA_HOME}/lib/security/cacerts中。
sudo ${JAVA_HOME}/bin/keytool -importcert -alias "MavenCert" -keystore /${JAVA_HOME}/lib/security/cacerts -file /tmp/maven_repo.pem
0
虽然已经提供了很多答案,但我想提供一个简单的替代方案,基于我自己构建的certificate ripper。它可以提取服务器证书并将其添加到jdk的cacert信任库中。请参考下面的命令。
crip export jks -u=https://[HOST:[PORT] -d=$JAVA_HOME/jre/lib/security/cacerts

在某些情况下,您需要以sudo或管理员权限运行它。它适用于Windows、Mac和Linx。二进制文件可以在这里找到:证书剥离器二进制文件
-1

当您在使用Atlassian软件(例如Jira)时遇到上述错误时

2018-08-18 11:35:00,312 Caesium-1-4 WARN anonymous    Default Mail Handler [c.a.mail.incoming.mailfetcherservice] Default Mail Handler[10001]: javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while connecting to host 'imap.xyz.pl' as user 'jira@xyz.pl' via protocol 'imaps, caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

您可以将证书添加到其受信任的密钥库中(将missing_ca更改为正确的证书名称):

keytool -importcert -file missing_ca.crt -alias missing_ca -keystore /opt/atlassian/jira/jre/lib/security/cacerts

如果要求输入密码,请输入changeit并确认y

之后只需重新启动Jira即可。

-1

我留下一些提示。

  1. 使用-Dssl.debug=true来检查SSL。
  2. 检查您是否正在创建隧道或尝试忽略它。
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, (x509CertChain, authType) -> true).build();
            httpClient = HttpClientBuilder.create()
                    .setSSLContext(sslContext)
                    .setConnectionManager(new PoolingHttpClientConnectionManager(RegistryBuilder.<ConnectionSocketFactory>create()
                            .register("http", PlainConnectionSocketFactory.INSTANCE)
                            .register("https", new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE))
                            .build()
                    )).build();

httpClient.execute(requisicao)
-1

错误

A problem occurred configuring root project 'uy-android-pagos'.
> Could not resolve all artifacts for configuration ':classpath'.
   > Could not resolve com.goo  gle.firebase:firebase-crashlytics-gradle:2.1.0.
     Required by:
         project :
      > Could not resolve com.goo  gle.firebase:firebase-crashlytics-gradle:2.1.0.
         > Could not get resource 'https://depdes.artifactory.prod.cloud.ihf/artifactory/itau-oq6-frameworks-maven/com/goo%20%20gle/firebase/firebase-crashlytics-gradle/2.1.0/firebase-crashlytics-gradle-2.1.0.pom'.
            > Could not GET 'https://depdes.artifactory.prod.cloud.ihf/artifactory/itau-oq6-frameworks-maven/com/goo%20%20gle/firebase/firebase-crashlytics-gradle/2.1.0/firebase-crashlytics-gradle-2.1.0.pom'.
               > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

解决方案

请记住,导致此错误的可能原因有很多,在我的情况下,我通过以下方式修复了它:

  1. 与Gradle文件同步项目
  2. 检查错误Could not resolve com.goo gle.firebase:firebase-crashlytics-gradle:2.1.0.
  3. build.gradle (:project)中将com.goo gle.firebase:firebase-crashlytics-gradle:2.1.0更改为com.google.firebase:firebase-crashlytics-gradle:2.1.0(注意空格)

依赖类路径中的任何错误都会生成此类型的异常。检查生成问题的提交的gradle。

GL

-1

如果在像 Spring Tools SuiteEclipse 这样的IDE中遇到了这个错误,请首先尝试使用URLHTTP版本而不是HTTPS

当我尝试将SonarQube链接添加到Spring Tools Suite时,我遇到了这个错误。 我用以下URL进行替换:

http://sonarqube...

替代

https://sonarqube...

我已成功连接上SonarQube

希望这对像我一样正在寻找答案的人有所帮助。

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接