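keystore.jks to be used in a Java application

Time: 2013-10-11 12:20:21

Tags: certificate java-7 keystore

I have a Java application that connects to some web services. When I try to call a function of the web service, I get an exception.

However, if I call the same web service function from another web application deployed on a Tomcat 7 server, it works fine.

The only difference is that I have a keystore.jks file in Tomcat's home folder.

How can I make my Java application use the keystore.jks file, since my guess is that this is the reason my application does not work?

Here is the stack trace of the exception: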

2013-10-11 15:24:14.0685 DEBUG main org.apache.axis.enterprise – Mapping Exception to AxisFault
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode: 
 faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 faultActor: 
 faultNode: 
 faultDetail: 
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.tieto.issuing.ws.Issuing.IssuingSoapBindingStub.addCardToStop(IssuingSoapBindingStub.java:2398)
    at ge.ufc.cscupdator.utils.IssuingWsOperationManager.addCardToStopList(IssuingWsOperationManager.java:74)
    at ge.ufc.cscupdator.CardStopCauseUpdator.main(CardStopCauseUpdator.java:51)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2 answers:

Answer 0: (score: 1)

This error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

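means that the client received an SSL certificate chain from the server but could not validate this chain using a trust anchor (also known as root CA) certificate. The default list of trust anchors is stored in the lib/security/cacerts keystore file of the Java home directory.

To specify another keystore for the SSL trust anchors (called a trust store in this case), you have to pass this option to the client:

-Djavax.net.ssl.trustStore=/path/to/truststore

This trust store should contain the root CA certificate of the server's SSL certificate chain. Actually, keystore.jks may contain this certificate, but it may not. I suggest you use the keytool tool with the -list command to verify that the root CA certificate is present.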
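The check suggested in the answer above can also be done from Java before pointing the client at the file. The following is an added example, not code from the question or the answers: the class name `TrustStoreCheck`, its method names and the command-line arguments are assumptions, and the store is assumed to be in JKS format.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (added example): inspects a JKS file and builds an SSLContext from it.
public class TrustStoreCheck {
    // Loads the store read-only; a wrong password or a tampered file makes load() throw.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Prints every X.509 entry and returns the number of self-issued (root-style) certificates.
    static int listRoots(KeyStore ks) throws Exception {
        int roots = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias); // for a key entry: first cert of its chain
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            boolean selfIssued = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            if (selfIssued) roots++;
            System.out.printf("%s (%s)%n  subject=%s%n  issuer=%s%n  selfIssued=%b notAfter=%s%n",
                alias, ks.isCertificateEntry(alias) ? "trusted cert entry" : "key entry",
                x.getSubjectX500Principal(), x.getIssuerX500Principal(), selfIssued, x.getNotAfter());
        }
        return roots;
    }

    // Builds an SSLContext whose trust decisions come from this store instead of cacerts.
    static SSLContext contextFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: args[0] = path to keystore.jks, args[1] = store password.
        KeyStore ks = load(args[0], args[1].toCharArray());
        System.out.println("self-issued certificates found: " + listRoots(ks));
        System.out.println("SSLContext protocol: " + contextFor(ks).getProtocol());
    }
}
```

If no listed subject matches the issuer at the top of the server's certificate chain, setting this file as the trust store will produce the same PKIX error.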

Answer 1: (score: 0)

Export the certificate from a web browser, then import it into cacert under "PATH_TO_JAVA"\jdk1.7.0_25\jre\lib\security with keytool