错误:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Webserver:Glassfish 4.1 --- Java 7 Windows 7
我创建了一个自签名* .domain.com证书。使用HttpsURLConnection和glassfish我得到上面的错误提示。
如果我使用site.domain.com证书,一切正常。它只会在我使用* .domain.com证书时失败。
glassfish是否有特殊设置来处理* .domain.com证书?
我在哪里安装* .domain.com证书:
keytool -import -v -trustcacerts -alias webssl -keystore "c:\glassfish4\glassfish\domains\mydomain\cacerts.jks" -file webssl.crt -keypass changeit -storepass changeit
keytool -import -v -trustcacerts -alias webssl -keystore "c:\glassfish4\glassfish\domains\mydomain\keystore.jks" -file webssl.crt -keypass changeit -storepass changeit
keytool -import -alias webssl -keystore "c:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts" -file webssl.crt
我已经验证了每个密钥库中的证书,其中包含了允许我使用某个密钥库的示例程序
java -Djavax.net.ssl.trustStore="c:\glassfish4\glassfish\domains\mydomain\keystore.jks" SSLPoke site1.mydomain.com 443
我还使用Java SE测试了对子域的访问,一切正常
String httpsURL = "https://site1.mydomain.com";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);
String inputLine;
while ((inputLine = in.readLine()) != null)
{
System.out.println(inputLine);
}
in.close();
}
}
看起来我错过了glassfish中的一些设置以允许连接到我的* .domain.com