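SSL keys and client authentication in Java

Time: 2011-05-09 12:59:24

Tags: java web-services ssl ssl-certificate authentication

I am connecting to a web service that uses SSL client authentication, and I set up the keystore as follows: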

System.getProperties().setProperty("javax.net.ssl.keyStore", 
                                  "d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");  

When calling the web service:

GetAccountBalanceResponse resp = services.getAccountBalance(request);

I get the following error:

WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is: 
    HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
    at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
    at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
    at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
    ... 2 more

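The keystore contains the client's private certificate; the certificate is valid and works fine when used in a browser. How can I fix this?

Thanks a lot.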

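1 answer:

Answer 0: (score: 3)

This error occurs when the CA that signed the server's certificate is not one of the well-known CAs, or when the CA's public certificate is not in the client's trust store. To fix it, you must add the CA's public certificate to the client's trust store.

For detailed instructions, see "unable to find valid certification path to requested target" and "No more 'unable to find valid certification path to requested target'".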
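An added example, not part of the original answer: the key store (the client's own key and certificate, as in the question) and the trust store (the CA certificate the answer refers to) are separate inputs to the TLS setup, and `javax.net.ssl.keyStore` only configures the first. The class name, the `server-ca` alias and the file paths passed as arguments are hypothetical, and whether a given web service stack uses the default `HttpsURLConnection` socket factory is an assumption.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClientSetup {
    // Builds a context that presents the client certificate (key store)
    // and validates the server against one explicitly trusted CA (trust store).
    static SSLContext build(String keyStorePath, char[] keyStorePass, String caCertPath)
            throws Exception {
        // Key store: client's private key + certificate, sent for client authentication.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(keyStorePath))) {
            keyStore.load(in, keyStorePass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyStorePass);

        // Trust store: holds only the CA that signed the server certificate, so
        // chain validation stays enabled and the JRE's default CAs are not trusted here.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        try (InputStream in = Files.newInputStream(Paths.get(caCertPath))) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trustStore.setCertificateEntry("server-ca", ca); // hypothetical alias
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java MutualTlsClientSetup <keystore.jks> <password> <server-ca.pem>
        SSLContext ctx = build(args[0], args[1].toCharArray(), args[2]);
        // Applies to HttpsURLConnection-based clients; other HTTP stacks
        // need the socket factory passed to them explicitly.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

The same separation is available through system properties: `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` point at a trust store file, alongside the `javax.net.ssl.keyStore` properties already set in the question.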