那些遇到过的问题

"无法找到所请求目标的有效证书路径",但浏览器表示没问题

usr*_*ΛΩΝ 25 java ssl ssl-certificate tomcat7 windows-8.1

我正在开发一个Java应用程序,它连接到https://ut.eurodw.eu/(欧洲Datawarehouse的测试环境)中公开的SOAP服务.我正在开发我的开发机器,最近用Windows 8.1重新格式化了.今天,我尝试通过SOAP从我的程序向他们发送创建请求,并收到此错误:

Caused by: javax.xml.ws.WebServiceException: Could not send Message.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
    at com.sun.proxy.$Proxy110.createDeal(Unknown Source)
    at it.csttech.edwin.services.spring.EdwinServiceImpl.createDeal(EdwinServiceImpl.java:102)
    at it.csttech.edwin.consumercredit.data.managers.spring.DealManagerImpl.createEdCode(DealManagerImpl.java:319)
    ... 77 more
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://ut.eurodw.eu/edservices/2.2/DealService.svc: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1339)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1323)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:628)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
    ... 80 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:174)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1283)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1239)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1296)
    ... 90 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 108 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 114 more
Run Code Online (Sandbox Code Playgroud)

正如您通过单击我的上述链接所看到的那样,这不是自签名证书,而是由我的Firefox浏览器识别的GoDaddy公共CA发布的.我的Java版本是1.7.0_60-b19.修改代码以允许不安全的SSL连接是一个坏主意.

我想确保eurodw的证书在信托商店.我该如何检查?我如何导入新证书?

PS我目前无法在部署最终应用程序的服务器上进行测试:我只能使用自己的Tomcat安装.

Fra*_*che 36

可以在以下密钥库中找到不同的证书:

%JAVA_HOME%/ JRE/lib/security中/ cacerts中

如果要列出受信任的证书:

keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts
Run Code Online (Sandbox Code Playgroud)

密码是可选的列表.

如果要添加条目:

首先,导出证书导入,假设它将是c:\ cert.crt.最好的方法是使用firefox,右键单击URL中的锁定图片,然后点击几下,就会有一个导出功能.

然后输入:

keytool -import -alias my-cert -file c:\cert.crt -keystore %JAVA_HOME%/jre/lib/security/cacerts
Run Code Online (Sandbox Code Playgroud)

密码是:changeit

别名是用户定义的标签,明智地选择它,记住你是否需要它一天,它是什么.

有了这一切,你应该能够信任证书并让一切都恢复正常.

  • "%JAVA_HOME%/ lib/security/cacerts"(带引号)适合我.必须重复@客户站点的任务,直到Oracle发布更新的信任列表 (3认同)
  • 我检查了我的 build.gradle 文件,并检查了所有存储库项目试图访问的内容,在浏览器中打开这些 URL 并按照@Francois 的说明进行操作,在 Ubuntu 上进行了尝试,重新启动了 Android Studio 项目并且它工作正常。如果您使用的是 windows7,要运行 keytool,您可以运行,键入 cmd 并按 Ctrl+Shift+enter。这将以管理员模式打开命令提示符,然后在 java 文件夹中查找 keytool.exe。 (2认同)

归档时间:

查看次数:

59314 次

最近记录:

6 年,5 月 前
"PKIX路径构建失败"和"无法找到请求目标的有效证书路径" 350
"PKIX路径构建失败"和"无法找到请求目标的有效证书路径" 350
更多相关链接
相关归档
无法为对象堆保留足够的空间 260
比较两个字节数组?(JAVA) 93
ExecutorService在超时后中断任务 87
使用Intent.putExtra发送数组 68
如何垂直对齐文本? 46
Android App Bundle在Android应用中引入了资源未找到崩溃 44
Tomcat 7中的org.apache.catalina.ServerFactory.getServer()等价物 18
HTTP错误代码:302调用https webservice时 10
无法启动Tomcat 7服务器 - java.net.BindException:地址已在使用中 8
续签证书时,公众指纹会改变吗? 1
难疑归档
如何从当前的Git工作树中删除本地(未跟踪)文件? 6561
不同浏览器中URL的最大长度是多少? 4676
在Git存储库中查找并恢复已删除的文件 2716
"最小的惊讶"和可变的默认论证 2458
什么是__init__.py? 2074
数据绑定如何在AngularJS中运行? 1924
<快于<=? 1508
什么是按位移位(位移)运算符以及它们如何工作? 1340
如何从Git的暂存区域中删除单个文件,但不将其从索引中删除或撤消对文件本身的更改? 1177
我可以将多个MySQL行连接到一个字段中吗? 1143