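HTTP transport error: unable to find valid certification path to requested target on Tomcat

Time: 2018-04-13 16:48:25

Tags: java tomcat ssl soapui

I have three Tomcats running on my system, and each Tomcat server deploys a separate war file. I am trying to make these servers communicate with each other over https.

I used the same certificate for all three services, because they are on the same machine. The first two servers run fine.

But my last Tomcat server throws the following error at server startup: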

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:131)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:219)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:143)
at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:110)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
at com.sun.xml.ws.client.Stub.process(Stub.java:429)
at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:259)
at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:296)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
... 16 more

1 answer:

Answer 0: (score: 0)

The error indicates that you do not have the certificate in the jdk/jre/lib/security/cacerts file.

Follow the steps below; I hope this helps you.

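1. Fire the command keytool -list -v -keystore jdk/jre/lib/security/cacerts > java_cacerts.txt

All the cacerts certificates will be exported to the java_cacerts.txt file.

2. Take a look at java_cacerts.txt. See whether it contains the same certificate that is present in the browser by searching for a matching serial number. In the java_cacerts.txt file the serial number will be lowercase and without the ":" colon character. If it is not present, this could be the cause of the error, and we can fix it by adding the certificate found in the browser.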

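3. In the browser, export the Root CA. Choose the "X.509 Certificate (DER)" type, so that the exported file has a der extension.

Assuming the file is called example.der, pick the alias 'example' for this certificate. Next, import the file.

4. keytool -import -alias example -keystore jdk/jre/lib/security/cacerts -file example.der

This command prompts you for a password; the default password is changeit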

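5. Dump the contents again to verify that the new certificate is included. Restart the JVM.

6. Also check that the certificate in the cacerts file matches your keystore file.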
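
The checks in steps 2, 5 and 6 can also be done from inside the JVM; the following is an added example, not part of the original answer. It resolves the trust store that the running JVM uses by default (relevant when several Tomcat instances run on different JREs or with different -Djavax.net.ssl.trustStore settings) and looks up the exported certificate by exact match instead of by serial number. The class name TrustStoreCheck is hypothetical; example.der and the changeit password are taken from the answer.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example; TrustStoreCheck is a hypothetical name, not code from the page.
// Run it with the same JVM and -D options as the failing Tomcat.
public class TrustStoreCheck {

    // Default JSSE lookup: -Djavax.net.ssl.trustStore, else jssecacerts, else cacerts.
    static File effectiveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    // SHA-256 over the DER encoding identifies a certificate unambiguously,
    // unlike a serial number, which is only unique per issuer.
    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        String certPath = args.length > 0 ? args[0] : "example.der"; // file name from step 3
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        File store = effectiveTrustStore();
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pass.toCharArray());
        }
        // getCertificateAlias returns the alias of the first entry holding this exact certificate, or null.
        String alias = ks.getCertificateAlias(cert);
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + store.getAbsolutePath());
        System.out.println("certificate : " + cert.getSubjectX500Principal().getName());
        System.out.println("sha-256     : " + sha256(cert));
        System.out.println(alias != null ? "trusted under alias '" + alias + "'" : "NOT in this trust store");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Comparing the printed trust store path across the three Tomcat instances shows whether the failing one reads a different cacerts file from the two that work.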