I have a problem with my certificate. This is my stack trace:
trustStore is: /usr/user/programs/java/jdk1.7.0_10/jre/lib/security/jssecacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=******, CN=865409164, OU=http://www.sistem.net, O=DOO, L=Citluk, ST=Text, C=BA
Issuer: EMAILADDRESS=***********, CN=ecommtest.rbbh.ba, OU=ITRIOSS.CARD, O=BANK, L=CITY, ST=******, C=BA
Algorithm: RSA; Serial number: 0xf6e5b0e213f9b11b
Valid from Tue Jul 30 14:43:23 CEST 2013 until Wed Jul 30 14:43:23 CEST 2014
And at the end I get this:
***
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
I have the certificate as PKCS12; I then put it into jssecacerts with keytool importkeystore and copied that file to JDK/jre/lib/security.
I use Apache HttpClient to perform the POST request.
Thanks for your help
Zlaja
Answer 0 (score: 0)
We found a solution. These are the steps:
Run InstallCert from https://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java. It will create jssecacerts.
From jre/lib/security
with jssecacert
Change your code like this:
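import java.io.FileInputStream
import java.security.{KeyStore, SecureRandom}
import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}
import org.apache.http.conn.scheme.{Scheme, SchemeRegistry}
import org.apache.http.conn.ssl.SSLSocketFactory
import org.apache.http.impl.client.DefaultHttpClient
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager
// Client certificate and private key (PKCS12) presented to the server
val clientStore = KeyStore.getInstance("PKCS12")
clientStore.load(new FileInputStream("/home/zlaja/Downloads/imakstore_80009164.p12"), "12348765".toCharArray())
val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
kmf.init(clientStore, "12348765".toCharArray())
val kms = kmf.getKeyManagers()
// Trust store used to validate the server's certificate chain
val trustStore = KeyStore.getInstance("JKS")
trustStore.load(new FileInputStream("/usr/user/programs/java/jdk1.7.0_10/jre/lib/security/cacerts"), "changeit".toCharArray())
val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(trustStore)
val tms = tmf.getTrustManagers()
// One SSLContext carrying both the client key and the trust anchors
val sslContext = SSLContext.getInstance("TLS")
sslContext.init(kms, tms, new SecureRandom())
// Register the context for https; httpParameters is the HttpParams object defined elsewhere
val schemeRegistry = new SchemeRegistry()
schemeRegistry.register(new Scheme("https", new SSLSocketFactory(sslContext), 443))
val client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParameters, schemeRegistry), httpParameters)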
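The trace in the question shows JSSE loading jssecacerts, which it uses in preference to cacerts whenever that file exists. The following is an added example, not code from either poster: it lists what the trust store JSSE would pick actually contains, so a "PKIX path building failed" error can be traced to a missing issuer. The class name `TrustStoreAudit` and its two optional arguments (store path, text to look for in a subject DN) are assumptions of this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name): audit the trust store JSSE will use.
public class TrustStoreAudit {
    // JSSE default lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File file = args.length > 0 ? new File(args[0]) : resolveTrustStore();
        // Optional second argument: text expected in the server issuer's DN, e.g. its CN.
        String wanted = args.length > 1 ? args[1].toLowerCase() : null;
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, null); // null password: read-only listing, integrity not checked
        }
        System.out.println("trust store: " + file + " (" + ks.size() + " entries)");
        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String subject = x.getSubjectX500Principal().getName();
            boolean isCa = x.getBasicConstraints() >= 0; // -1: not marked as a CA
            boolean selfSigned = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            boolean expired = x.getNotAfter().before(new Date());
            System.out.printf("%-30s ca=%b selfSigned=%b expired=%b%n  %s%n",
                    alias, isCa, selfSigned, expired, subject);
            if (wanted != null && subject.toLowerCase().contains(wanted)) found = true;
        }
        if (wanted != null) {
            System.out.println(found ? "a certificate with that name is a trust anchor"
                                     : "no trust anchor with that name in this store");
        }
    }
}
```

Comparing the listing before and after running InstallCert shows exactly which certificate was added as a trust anchor.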
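Answer 1 (score: -1)
I had this problem too, but I finally have a solution that works for my JAX-WS client.
My problem was that JAX could not look at any keystore other than cacerts, and my certificate has 2 links and could not be imported into cacerts from the command line.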