我的一个项目是使用http客户端3.1.x,因为现在不推荐使用,我将代码升级为使用jar http客户端4.5.2。升级后,由于证书链问题,我无法发出任何GET / POST请求。(证书是自签名证书。)错误日志如下...
[28/06/16 12:42:35:602 CEST] 00000025 SystemOut O 2016-06-28 12:42:35.602 ERROR MyProject 1.0 WebContainer : 0 .. getData LOG_XXX_ZZZZ IOException occurred during getting ZZZZZZ data for url /myURL, message: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.n.a(n.java:22)
at com.ibm.jsse2.tc.a(tc.java:465)
.
.
.
.
.
Caused by: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.e.b(e.java:45)
at com.ibm.jsse2.util.e.b(e.java:106)
at com.ibm.jsse2.util.d.a(d.java:5)
at com.ibm.jsse2.hc.a(hc.java:61)
at com.ibm.jsse2.hc.checkServerTrusted(hc.java:10)
at com.ibm.jsse2.hc.b(hc.java:14)
at com.ibm.jsse2.hb.a(hb.java:66)
... 84 more
Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.e.b(e.java:70)
... 90 more
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
... 92 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 97 more
我用来执行GET的代码如下。 POST也类似。
public int executeMethod(final HttpGet method) throws HttpException, IOException {
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpResponse httpResponse = httpClient.execute(method);
return httpResponse.getStatusLine().getStatusCode();
}
我不知道为什么之前的jar(3.x)在没有接受自签名证书的情况下工作,但新jar(4.5.2)不能用于自签名证书。
另外,我不想更改代码以接受自签名证书,因为我在不同的环境中有不同的要求,如(UAT / SIT / ET),有些包含自签名证书其他包含适当的证书。