pet*_*ust 6 java macos x509certificate pkix
I have been building web downloaders over the years (e.g., using Apache HTTPClient and recently JBrowser [1]). These have worked OK till recently when some sites result in certification errors. I do not understand the details, and I cannot find a simple tutorial for people who know relatively little about certificates (e.g., what one looks like and how it obtained or created). This is a request for a default explanation of the simplest case and how to fix it. Typical error:
[2020-02-17T09:38:24.249][Instance 1][Port 57129] Warning: Single GUI Threadiong is enabled, FPS should be slower
[2020-02-17T09:38:29.737][Instance 1][Port 57129] Feb 17, 2020 9:38:29 AM com.sun.webkit.network.URLLoader doRun
[2020-02-17T09:38:29.737][Instance 1][Port 57129] WARNING: Unexpected error
[2020-02-17T09:38:29.737][Instance 1][Port 57129] java.io.IOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: https://osf.io/search/?q=coronavirus
[2020-02-17T09:38:29.737][Instance 1][Port 57129] at com.machinepublishers.jbrowserdriver.StreamConnection.exec(StreamConnection.java:369)
[2020-02-17T09:38:29.737][Instance 1][Port 57129] at com.machinepublishers.jbrowserdriver.StreamConnection.getResponseCode(StreamConnection.java:449)
[2020-02-17T09:38:29.737][Instance 1][Port 57129] at com.sun.webkit.network.URLLoader.receiveResponse(URLLoader.java:414)
...
I can access the URL through browsers (Firefox, Chrome) and get HTML which represents what I want, but cannot access this programmatically.
I have read several accounts of how to fix this (e.g. [2]), but they generally refer to "your Keystore" or "trust manager" as if everyone knows what these are. I am concerned that if I don't know what I am doing, I could break security. I don't know how I add sites to these or whether I even should.
I am on MACOSX and appear to have a binary file
"/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/JRE/lib/security/cacerts"
Some of the answers suggest I should have a file called "truststore.jks" but don't say where this should be or how it was created.
So I am asking for a simple explanation of the system components and the simplest way to fix it. In some cases, I can avoid it (e.g., by using curl from the command-line), so I don't know how much this is a Java (8) problem.
编辑: Trust Store vs Key Store - 用 keytool 创建似乎解释了 KeyStore 和 TrustStore 之间的区别,但我仍然不知道该怎么做。
[1] http://machinepublishers.github.io/jBrowserDriver/com/machinepublishers/jbrowserdriver /JBrowserDriver.html [2]在java中使用自定义信任库以及默认信任库
抱歉,我不确定您需要多少详细信息。希望它能帮助您入门。我可以根据您的需要扩展这些步骤。请告诉我。
密钥库存储私钥和公共证书,信任库存储您想要信任的其他服务的受信任证书。Java 捆绑了信任库 cacerts,它包含默认的、众所周知的受信任证书颁发机构。
作为 ssl 握手的一部分,服务将其密钥库中的公共证书提供给客户端,另一方面,客户端根据其信任库验证所提供的证书。
对于任何编程访问,我将创建一个单独的信任库文件并导入您信任的服务的证书。因此,在您的情况下,您必须导入https://osf.io/search/?q=coronavirus提供的证书。
创建信任库后,您可以使用 jvm 参数引用信任库。
脚步
| 归档时间: |
|
| 查看次数: |
212 次 |
| 最近记录: |