基于Java的网站使用Paypal处理付款。错误在格林威治标准时间晚上11点左右开始,没有代码更改,如果问题出在我的托管服务提供商或Paypla上,我就无法解决。
抛出异常的代码是
// Send back to PayPal system to validate using POST
URL u = new URL(URL_PAYPAL_VALIDATE);
HttpURLConnection uc = (HttpURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
PrintWriter pw = new PrintWriter(uc.getOutputStream());
pw.println(str);
pw.close();
并发生在uc.getOuputStream()
上这是例外
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.jthink.store.action.VerifyPayment.handleRequest(VerifyPayment.java:160)
at com.jthink.store.JThinkStoreServlet.doGet(JThinkStoreServlet.java:45)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 37 more
答案 0 :(得分:3)
当您连接的Web服务器或URL没有来自授权CA的有效证书时,会发生这种常见问题。
导入服务器证书并将其安装在JDK的密钥库中以解决此问题。
如果您打开没有有效证书的网址,您可能会看到一个警告您有关证书的对话框。现在点击“查看证书”并安装证书。
或者,您可以手动将证书安装到浏览器中。
在这两种情况下,我都假设您已将证书导入浏览器。
现在您需要将其安装到服务器的JDK密钥库中。
通常,您将使用keytool来管理证书.Keytool是一个命令行实用程序,包含许多参数,允许您创建和管理用于存放数字证书的密钥库。
在命令行中转到JDK jre / bin文件夹。在我的机器上它的C:\ Program Files \ Java \ jdk1.7.0_15 \ jre \ bin
C:\ Program Files \ Java \ jdk1.7.0_15 \ jre \ bin> keytool -list -keystore .. \ lib \ security \ cacerts
输入密钥库密码:changeit
以上命令将列出所有可用的证书。
现在,您必须将预先安装的证书添加到此密钥库。要添加,首先将CA根证书导出为DER编码的二进制文件,然后将其另存为D:\ root.cer。 (您可以在工具 - >'互联网选项' - >内容 - >证书下查看已安装的证书。打开证书后,找到您在“受信任的根证书颁发机构”下安装的证书。选择正确的证书和点击“导出”。您现在可以在D:驱动器下保存它(DER编码二进制文件)。
现在,您可以使用以下命令将文件导入cacerts密钥库。
C:\ Program Files \ Java \ jdk1.7.0_15 \ jre \ bin> keytool -import -alias mycertificate -keystore .. \ lib \ security \ cacerts -file D:\ root.cer
输入密钥库密码:changeit
相信这个证书? [不]:是的 证书已添加到密钥库
您可以按照以下命令检查已安装的证书 C:\ Program Files \ Java \ jdk1.7.0_15 \ jre \ bin> keytool -list -keystore .. \ lib \ security \ cacerts
如果找到证书,则确认您已成功将证书安装到JDK密钥库。
答案 1 :(得分:1)
好的,我的托管服务提供商告诉我,可能有一个PayPals根证书已更新为不在Java密钥库中的证书。而且我应该从我相当古老的Java 6更新到Java 7,重启Tomcat以使用Java 7修复了这个问题:)