编辑: -尝试格式化问题并在我的博客中以更明显的方式接受答案
这是原始问题.
我收到此错误:
详细消息sun.security.validator.ValidatorException:PKIX路径构建失败:
sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径导致javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径
我使用Tomcat 6作为网络服务器.我有两个HTTPS Web应用程序安装在不同端口上但位于同一台机器上的不同Tomcats上.说App1(port 8443)和
App2(port 443).App1连接到App2.当App1所连接到App2我得到上述错误.我知道这是一个非常常见的错误,所以在不同的论坛和网站上遇到了很多解决方案.我有server.xml两个Tomcats 的以下条目:
keystoreFile="c:/.keystore"
keystorePass="changeit"
每个站点都说同样的原因,即app2提供的证书不在app1 jvm的可信存储中.当我试图在IE浏览器中访问相同的URL时,这似乎也是正确的,它可以工作(加热,这个网站的安全证书存在问题.在这里我说继续这个网站).但是当Java客户端(在我的情况下)遇到相同的URL时,我得到上述错误.所以把它放在信任库中我试过这三个选项:
选项1
System.setProperty("javax.net.ssl.trustStore", "C:/.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
Option2 在环境变量中设置如下
CATALINA_OPTS -- param name
-Djavax.net.ssl.trustStore=C:\.keystore -Djavax.net.ssl.trustStorePassword=changeit ---param value
选项3 在环境变量中设置如下
JAVA_OPTS -- param name
-Djavax.net.ssl.trustStore=C:\.keystore -Djavax.net.ssl.trustStorePassword=changeit ---param value
但没有任何效果.
最后工作的 是执行如何使用Apache HttpClient处理无效SSL证书中建议的Java方法?由Pascal Thivent执行,即执行程序InstallCert.
但这种方法适用于devbox设置,但我无法在生产环境中使用它.
我很奇怪,为什么上面提到的三种方法时,我已经中提到的相同值没有工作server.xml的app2服务器和相同的价值观信任设置
System.setProperty("javax.net.ssl.trustStore", "C:/.keystore") and System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); …
如何使用Apache HttpClient 4.0 绕过无效的SSL证书错误?
如何忽略Apache HttpClient 4.3的 SSL证书(全部信任)?
我在SO上找到的所有答案都会处理以前的版本,并且API已更改.
有关:
编辑:
使用Apache HttpClient 4.2.1.使用从基于表单的登录示例复制的代码
http://hc.apache.org/httpcomponents-client-ga/examples.html
访问受SSL保护的登录表单时出现异常:
Getting library items from https://appserver.gtportalbase.com/agileBase/AppController.servlet?return=blank
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Closing http connection
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
据我所知,证书很好(参见堆栈跟踪之前的URL),没有过期 - 浏览器不会抱怨.
我已经尝试将证书导入我的密钥库了
如何使用Apache HttpClient处理无效的SSL证书?
没有变化.我相信你可以创建一个自定义SSLContext来强制Java忽略错误,但我宁愿修复根本原因,因为我不想打开任何安全漏洞.
有任何想法吗?
我试图接受所有证书,和/或使用Apache HTTPClient 4.5版接受自签名证书(这里的教程链接)
我已经从SO上的一堆帖子中解决了这个问题.到目前为止,他们都没有工作过.
我一直收到这个错误: Error while trying to execute request. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Apache文档:
相关的StackOverflow问题 - 以下是我尝试过的解决方案的一些链接:
请注意,在所有这些示例中,我还传递了我之前定义的cookie存储和代理凭据提供程序.这些都在工作,我只是想添加SSL支持.
使用创建我自己的ssl上下文SSLContextBuilder并信任所有自签名策略TrustSelfSignedStrategy.
SSLContextBuilder sshbuilder = new SSLContextBuilder();
sshbuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sshbuilder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.build();
结果:没有用.拿到Error while trying to …
java ssl httpclient apache-commons-httpclient apache-httpclient-4.x
我想从使用安全连接协议HTTPS的服务器下载文件.我可以在普通服务器上做,但是,我怎么能用HTTPS做到这一点.如果有人使用过示例API,请帮助我找到有用的资源.
Apache Http客户端.您可以在此处查看相关代码:
String url = "https://path/to/url/service";
HttpClient client = new HttpClient();
PostMethod method = new PostMethod(url);
// Test whether to ignore cert errors
if (ignoreCertErrors){
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager(){
public X509Certificate[] getAcceptedIssuers(){ return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
}
};
try {
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
} catch (Exception e){
e.printStackTrace();
}
}
try {
// Execute the method …我知道之前已被问过,但我尝试了所有我找到的解决方案,但仍然无法正常工作.
基本上,我试图通过Apache Http Client(4.3)获取一些内容,而我正在连接的网站存在一些SSL问题.
首先,我得到SSLException了和unrecognized_name消息.我试图通过将jsse.enableSNIExtension属性设置为来解决这个问题false.
然后,我得到了这个例外:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
然后我尝试提供我SSLFactory接受所有证书的赢了,但我仍然得到同样的例外.这是我的代码:
private static void sslTest() throws Exception {
System.setProperty("jsse.enableSNIExtension", "false");
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.useTLS()
.build();
SSLConnectionSocketFactory connectionFactory =
new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier());
CookieStore cookieStore = new BasicCookieStore();
HttpClientContext context = HttpClientContext.create();
context.setCookieStore(cookieStore);
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(connectionFactory)
.setDefaultCookieStore(cookieStore)
.build();
URI uri = new URIBuilder() …我需要使用在Java中使用Https构建的Web服务.使用Eclipse生成Web服务客户端并调用它我使用以下代码:
ServicioTimbradoPruebasLocator ServicioTimbradoLocator = new ServicioTimbradoPruebasLocator();
ServicioTimbradoPruebasSoap ServicioTimbrado = ServicioTimbradoLocator.getServicioTimbradoPruebasSoap();
javax.xml.rpc.Stub s =((javax.xml.rpc.Stub)ServicioTimbrado);
s._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "XXXXXXXX");
s._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, "psswd");
String resultado = ServicioTimbrado.generaTimbre(xml.getBytes());
System.out.println("resultado: " +resultado);
在这一行String resultado = ServicioTimbrado.generaTimbre(xml.getBytes()); 我收到以下错误:
AxisFault
[java] faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
[java] faultSubcode:
[java] faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[java] faultActor:
[java] faultNode:
[java] faultDetail:
[java] {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[java] at sun.security.ssl.Alerts.getSSLException(Unknown …我必须使用旧版本(1.8.1)的放心框架。我的所有请求post()或get()从放心调用的请求都会失败,因为我用于测试的服务器具有自签名 SSL 证书。
我知道从 2.2.0 版本开始,设置 ssl 连接很容易使用relaxedHTTPSValidation,例如
given().relaxedHTTPSValidation().when().get("https://some_server.com")
我还在rest-assured wiki上找到了如何处理SSL配置。
但我的问题是在旧版本的放心(1.8.1)中是否可能。
抛出的异常是SSLHandshakeException.
这是我得到的痕迹:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) …我写了一些代码来连接到我的邮件服务器并阅读电子邮件.我使用SSL连接使用POP3.我还在java密钥库中添加了SSL证书.但我仍然得到同样的例外.请帮忙.提前致谢.
我正在尝试使用Apache Client 4.5.5连接到我的Web服务器之一。
我正在尝试使用SSLContextBuilder,但现在似乎已弃用它,我不想使用已弃用的东西。
有人可以建议最新的处理无效认证的方法吗?
下面是我的代码,它工作正常,但是不建议使用SSLContext,SSLContextBuilder,loadTrustmaterial。
SSLContextBuilder sscb = new SSLContextBuilder();
sscb.loadTrustMaterial(null, new org.apache.http.conn.ssl.TrustSelfSignedStrategy());
SSLContext sslContext = sscb.build();
SSLConnectionSocketFactory sslSocketFactory =
new SSLConnectionSocketFactory(sslContext, new org.apache.http.conn.ssl.DefaultHostnameVerifier());
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setSSLSocketFactory(sslSocketFactory)
.setConnectionManager(connectionMgr)
.build();
try {
HttpPost httppost = new HttpPost("myURL");
java ×12
ssl ×7
httpclient ×2
https ×2
apache ×1
certificate ×1
java-ee ×1
rest-assured ×1
soap ×1
web-services ×1