javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败

时间:2015-11-23 10:01:29

标签: java

我正在使用java应用程序检查url connrectivity,对于某些url(内部)应用程序url,我得到200(成功),对于其他人我得到以下异常。

但如果我手动连接到下面的网址,没有问题,我需要pki证书。 需要你的帮助。

URL链接响应代码(200),好

http://pns15a-0215.corpny.com:21212/Mngr 200 OK OK

URL链接响应异常

https://tantex.intra.net/Mngr/

异常消息: sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径

日志

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security.ssl找到所请求目标的有效证书路径。在sun.security.ssl的Sun.Ssecurity.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)的sun.security.ssl上保存的Alerts.getSSLException(Alerts.java:192)sunhese.ssl.Handshaker.fatalSE(Handshaker.java:276) .Handshaker.fatalSE(Handshaker.java:270)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

程序源代码

        log.info("testing the httpurlconnection for url:" + strUrl );

            url = new URL(strUrl);
            urlConn = (HttpURLConnection) url.openConnection();
            urlConn.connect();

            if (urlConn.getResponseCode() == HttpURLConnection.HTTP_OK )
            {
                log.info("url http connection is sucessfull");

                //append the response status
                urlResponseStatus = "OK";
            }
            else
            {
                log.info("url http connection failure, response code:" +  urlConn.getResponseCode());

                //append the response status
                urlResponseStatus = "NOT OK";
            }

            urlResponseCode = urlConn.getResponseCode();
            urlResponseMessage =  urlConn.getResponseMessage();

1 个答案:

答案 0 :(得分:9)

Java不信任SSL证书。证书可以是自签名的,也可以由其根证书不在Java证书库中的CA(证书颁发机构)签名。

添加代码以信任主机提供的证书。在使用URL之前导入证书。

只需添加以下代码即可信任证书

TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    public void checkClientTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {
    }
    public void checkServerTrusted(
        java.security.cert.X509Certificate[] certs, String authType) {
    }
}};

   try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }

// Add your code below
相关问题
最新问题