在tomcat服务器中从我的webapp发送https请求时抛出了Follwing异常
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径
这是我的服务员
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package LBS;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;
//import javax.net.ssl.SSLContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.*;
import javax.net.ssl.*;
import java.security.cert.*;
/**
*
* @author Ruwan
*/
public class LBS2 extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
try {
LBS2 s=new LBS2();
s.myReq();
} finally {
out.close();
}
}
public void myReq(){
System.setProperty("https.proxyHost", "10.48.242.90");
System.setProperty("https.proxyPort", "3128");
String uri = "https://somthing.com/abc?username=USERNAME&password=PASWORD";
try{
SSLContext sslctx = SSLContext.getInstance("SSL");
sslctx.init(null, new X509TrustManager[] { new MyTrustManager()}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());
URL url = new URL(uri);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
con.setDoOutput(true);
con.connect();
if (con.getResponseCode() == HttpsURLConnection.HTTP_OK) {
BufferedReader br = new BufferedReader(new
InputStreamReader(con.getInputStream()));
String line;
while((line = br.readLine()) != null) {
System.out.println(line);
}
br.close();
}
con.disconnect();
}
catch(Exception e){
System.out.println(e.toString());
}
}
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
/**
* Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
/**
* Returns a short description of the servlet.
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
}
class MyTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String
authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String
authType) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
请帮助我在此代码中找到SSL Certificat处理的问题 提前知道
答案 0 :(得分:1)
这可能会有所帮助:(摘自http://code.naishe.in/2011/07/looks-like-article-no-more-unable-to.html)
有些人可能熟悉(不是非常用户友好的)异常消息
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target尝试使用JSSE打开与主机的SSL连接时。这通常意味着服务器正在使用测试证书(可能使用keytool生成)而不是来自知名商业证书颁发机构(如Verisign或GoDaddy)的证书。在这种情况下,Web浏览器会显示警告对话框,但由于JSSE无法假定交互式用户存在,因此默认情况下会抛出异常。
PS:渴望发表评论,以便作为答案添加。
答案 1 :(得分:1)
您的信任库不信任服务器的证书。您需要从服务器导出它并将其安装在客户端。其他人发布的链接显示了一种方法。真正的问题可能是服务器使用自签名证书而不是CA签名证书,这只会导致每个客户端出现此问题。最好的解决方案是花钱并解决问题。
答案 2 :(得分:0)
问题:普通Java程序正常运行 但是tomcat服务器中的webapp虽然使用了相同的方法/代码,却无法正常工作
<强>解决方案: 所以我为tomcat配置了SSL证书。 如果有任何一个有同样的问题。 只需为tomcat配置SSL证书即可。
This will be helpful to configure tomcat for SSL Certificate
感谢您的所有答案和评论。 :)
答案 3 :(得分:0)
我遇到了来自赛门铁克的有效签名通配符证书的相同问题。
首先尝试使用 -Djavax.net.debug = SSL 运行您的Java应用程序,以查看实际情况。
我最终 导入中间证书 ,导致证书链中断。
我从赛门铁克下载了缺少的中间证书(在我的情况下,您可以在ssl握手日志中看到缺少证书的下载链接:http://svrintl-g3-aia.verisign.com/SVRIntlG3.cer。)
我在java密钥库中导入了cert。导入中间证书后,我的通配符ssl证书终于开始工作了:
keytool -import -keystore ../jre/lib/security/cacerts -trustcacerts -alias "VeriSign Class 3 International Server CA - G3" -file /pathto/SVRIntlG3.cer
答案 4 :(得分:-2)
您需要返回null以绕过证书验证
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}