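Certificate chaining error with a self-signed certificate in HttpClient 4.5.x

Time: 2016-06-28 11:49:45

Tags: java-ee httpclient apache-httpclient-4.x

One of my projects used HTTP client 3.1.x; because it is now deprecated, I upgraded the code to use the HTTP client 4.5.2 jar. After the upgrade, I cannot make any GET / POST requests because of a certificate chain problem. (The certificate is a self-signed certificate.) The error log is as follows...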

[28/06/16 12:42:35:602 CEST] 00000025 SystemOut     O 2016-06-28 12:42:35.602 ERROR  MyProject                                1.0   WebContainer : 0               .. getData LOG_XXX_ZZZZ IOException occurred during getting ZZZZZZ data for url /myURL, message: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.jsse2.n.a(n.java:22)
    at com.ibm.jsse2.tc.a(tc.java:465)
.
.
.
.
.
Caused by: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.jsse2.util.e.b(e.java:45)
    at com.ibm.jsse2.util.e.b(e.java:106)
    at com.ibm.jsse2.util.d.a(d.java:5)
    at com.ibm.jsse2.hc.a(hc.java:61)
    at com.ibm.jsse2.hc.checkServerTrusted(hc.java:10)
    at com.ibm.jsse2.hc.b(hc.java:14)
    at com.ibm.jsse2.hb.a(hb.java:66)
    ... 84 more
Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
    java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:411)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
    at com.ibm.jsse2.util.e.b(e.java:70)
    ... 90 more
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=xxxx, OU=yyyy, O=zzzz, L=wwww, C=qqqq is not trusted; internal cause is: 
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
    at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
    ... 92 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
    at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
    ... 97 more

The code I use to execute a GET is below. POST is similar.

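// Needs org.apache.http.client.methods.{HttpGet, CloseableHttpResponse},
// org.apache.http.impl.client.{CloseableHttpClient, HttpClients},
// org.apache.http.HttpException and java.io.IOException.
public int executeMethod(final HttpGet method) throws HttpException, IOException {
    // createDefault() builds a client with default settings; no custom trust material is loaded.
    // try-with-resources closes the response and the client so connections are not leaked.
    try (CloseableHttpClient httpClient = HttpClients.createDefault();
         CloseableHttpResponse httpResponse = httpClient.execute(method)) {
        return httpResponse.getStatusLine().getStatusCode();
    }
}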

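I don't know why the previous jar (3.x) worked without accepting self-signed certificates, while the new jar (4.5.2) does not work with self-signed certificates.

Also, I don't want to change the code to accept self-signed certificates, because I have different requirements in different environments (UAT / SIT / ET): some have self-signed certificates and others have proper certificates.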
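The requirement above (no accept-all logic in code, different certificates per environment) can be met by loading trust material from a per-environment trust store. The following is an added example, not part of the original question: the class name and the `app.truststore.*` system properties are hypothetical, and it assumes HttpClient 4.5.x on the classpath and a trust store in the JVM's default keystore type.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public class EnvTrustStoreClient {

    // Hypothetical property names, set per environment (e.g. -Dapp.truststore.path=...).
    static final String PATH_PROP = "app.truststore.path";
    static final String PASS_PROP = "app.truststore.password";

    /** Builds a client that trusts the environment's trust store, if one is configured. */
    static CloseableHttpClient newClient() throws IOException, GeneralSecurityException {
        String path = System.getProperty(PATH_PROP);
        if (path == null) {
            // No override: environments with CA-issued certificates use the defaults.
            return HttpClients.createDefault();
        }
        String pass = System.getProperty(PASS_PROP, "");
        // Trust only the certificates in this store; hostname verification stays on.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(new File(path), pass.toCharArray())
                .build();
        return HttpClients.custom().setSSLContext(sslContext).build();
    }

    public static void main(String[] args) throws Exception {
        // URL comes from the command line; nothing environment-specific is hard-coded.
        HttpGet get = new HttpGet(args[0]);
        try (CloseableHttpClient client = newClient();
             CloseableHttpResponse response = client.execute(get)) {
            System.out.println(response.getStatusLine().getStatusCode());
        }
    }
}
```

The trust store for an environment with a self-signed server certificate contains only that certificate, so the same code runs unchanged everywhere and certificate validation is never disabled.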

0 answers:

No answers