OpenJDK 10拒绝所有SSL证书

时间:2019-05-31 12:19:14

标签: java ssl

我安装了OpenJDK10。我所做的只是打开它的包装,设置PATH变量和JAVA_HOME变量。

Java甚至拒绝google.de证书(以及我尝试过的所有其他证书)。我通过一些尝试连接的虚拟类对此进行了测试。结果是:

C:\Users\Alexander\Downloads>java SSLPoke google.de 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
        at java.base/sun.security.validator.Validator.validate(Validator.java:264)
        at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:226)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
        at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947)
        at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1777)
        at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:264)
        at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098)
        at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026)
        at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
        at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
        at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
        at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
        at java.base/sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:733)
        at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:67)
        at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:81)
        at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ... 18 more

在网络上找到了很多如何向Java添加特殊证书的方法,但是我认为在Java安装中一般来说是错误的。

所以我的问题是,感冒是由什么引起的??

2 个答案:

答案 0 :(得分:1)

您应该在cacerts密钥库中验证根证书。该文件存储在JAVA_HOME/jre/lib/security/cacerts(或Java新版本的JAVA_HOME/lib/security/cacerts)中。根据{{​​3}}帖子,您可以使用keytool命令对它们进行计数:

>jdk-10\bin\keytool -cacerts -list | find "Certificate" /c
Enter keystore password:  changeit
80

您的Java安装很可能已损坏,应该重新安装。请注意,OpenJDK由多个供应商提供,可能是您使用的是不安装根证书的安装程序。

答案 1 :(得分:1)

最终安装了oracle jdk 10(也是10.0.2),并且可以正常工作

C:\Users\Alexander\Downloads>java "SSLPoke" google.de 443
Successfully connected
相关问题
最新问题