将应用程序从 Windows 2000 迁移到 Windows 2008 R2 Server 后,我花了将近一周的时间才让我的应用程序正常运行。
步骤:
- 安装Java JDK 1.7.0_25
- 设置系统环境变量
JAVA_HOME
to C:\Progra~1\Java\jdk1.7.0_25\
- 将证书导入到 cacerts 中
keytool
- 确保证书存在于
keytool
with -list
.
我试过重复step 3 with InstallCert
以确保我没有错过任何事情。
上述方法并没有解决我的问题,所以我尝试以编程方式完成:
System.setProperty("javax.net.ssl.trustStore",
"C:/Progra~1/Java/jdk1.7.0_25/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
仍然没有任何运气。我被困住了,不太确定从这里该往哪个方向走。
堆栈跟踪:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at util.SMS.send(SMS.java:93)
at domain.ActivationSMSSenderMain.sendActivationMessagesToCustomers(ActivationSMSSenderMain.java:80)
at domain.ActivationSMSSenderMain.<init>(ActivationSMSSenderMain.java:44)
at domain.ActivationSMSSenderMain.main(ActivationSMSSenderMain.java:341)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 20 more
UPDATE:
Both
System.out.println(System.getProperty("javax.net.ssl.trustStore"));
and
System.out.println(System.getProperty("javax.net.ssl.keyStore"));
returns null
.
我遇到了类似的问题,其原因和解决方案都相当简单:
主要原因:没有使用 keytool 导入正确的证书
注意:仅导入根 CA(或您自己的自签名)证书
注意:不要导入中间的非证书链根证书
imap.gmail.com 的解决方案示例
-
确定根 CA 证书:
openssl s_client -showcerts -connect imap.gmail.com:993
在这种情况下,我们发现根 CA 是Equifax 安全证书颁发机构
- 下载根CA证书 https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem.
- 通过与信息进行比较,验证下载的证书具有正确的 SHA-1 和/或 MD5 指纹在这里找到 https://www.geotrust.com/resources/root-certificates/
-
导入证书javax.net.ssl.trustStore
:
keytool -import -alias gmail_imap -file Equifax_Secure_Certificate_Authority.pem
- 运行你的java代码
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)