Question

我正在使用fabric8 maven deploy部署示例springboot应用程序。构建因SSLHandshakeException而失败。

F8: Cannot access cluster for detecting mode: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Failed to execute goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build (default) on project fuse-camel-sb-rest: Execution default of goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build failed: An error has occurred. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build (default) on project fuse-camel-sb-rest: Execution default of goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build failed: An error has occurred.

因此，我从Openshift webconsole下载了公共证书并使用

将其添加到JVM

C:\...\jdk.\bin>keytool -import -alias rootcert -file C:\sample\RootCert.cer -keystore cacerts

并得到消息，它已成功添加到密钥库，list命令显示已添加的证书。

    C:\...\jdk.\bin>keytool -list -keystore cacerts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootcert, May 18, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): XX:XX:XX:..........

但是mvn：fabric8部署版本仍然失败并出现相同的异常。

有人可以解释这个问题吗？我错过了什么吗？

Answer 1

将证书添加到$ JAVAHOME / jre / lib / security中的“cacerts”解决了这个问题。

Answer 2

Jack的解决方案在Windows上可以正常工作。在openshift Web控制台上时，我从webrowser导出了证书。然后我将证书添加到$ JAVAHOME / jre / lib / security中的cacerts：密钥工具-import -alias my.alias -file C：\样品\ RootCert.cer -keystore cacerts中

Answer 3

以下在MacOS上有效：

要安装的证书是在浏览器URL栏上找到的证书；
在Firefox上（至少），单击URL左侧的挂锁，然后继续进行 Connection> / 更多信息 / 查看证书< / em> / 详细信息，最后通过导出... 将证书保存在本地。

在命令行上，确定正在使用哪个JRE maven：

$ mvn --version Apache Maven 3.5.4 (1edded0938998edf8bf061f1ceb3cfdeccf443fe; 2018-06-17T19:33:14+01:00) Maven home: /Users/.../apache-maven-3.5.4 Java version: 1.8.0_171, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre Default locale: en_GB, platform encoding: UTF-8 OS name: "mac os x", version: "10.12.6", arch: "x86_64", family: "mac"

您可能需要“ root”才能更新cacerts文件。

$ sudo keytool -import -alias my-openshift-clustername -file /Users/.../downloads/my-cluster-cert.crt -keystore $JAVA_HOME/jre/lib/security/cacerts Password: {your password for sudo} Enter keystore password: {JRE cacerts password, default is changeit} ... keytool prints certificate details... Trust this certificate? [no]: yes Certificate was added to keystore

验证证书是否确实已成功添加：

$ keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts Enter keystore password: changeit Keystore type: JKS Keystore provider: SUN Your keystore contains 106 entries ...other entries, in no particular order... my-openshift-clustername, 25-Feb-2019, trustedCertEntry, Certificate fingerprint (SHA1): F4:17:3B:D8:E1:4E:0F:AD:16:D3:FF:0F:22:73:40:AE:A2:67:B2:AB ...other entries...

Answer 4

我在Windows上解决了添加带有以下内容的Openshift证书的问题：

keytool -import -trustcacerts -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit -alias Root -import -file openshift.der

openshift.der位于BASE64中。

Openshift部署F8：无法访问集群以进行检测模式：sun.security.validator.ValidatorException

4 个答案: