Fatal编程技术网
  • apache/
  • Apache PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径

Apache PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径

apache tomcat ssl

Apache PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径,apache,tomcat,ssl,Apache,Tomcat,Ssl,我正在通过Tomcat7.x中的TLS连接(https)进行Webservice调用 在调用WebService时,我遇到以下错误。问题是什么?我已尝试创建证书和CA 供参考- 我导入了CA证书和其他证书,但仍然收到了此问题。请给我一些建议 Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:8443/myDomain/MySe

我正在通过Tomcat7.x中的TLS连接(https)进行Webservice调用

在调用WebService时,我遇到以下错误。问题是什么?我已尝试创建证书和CA

供参考-

我导入了CA证书和其他证书,但仍然收到了此问题。请给我一些建议

Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:8443/myDomain/MyService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:262)
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:205)
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:632)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:189)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:799)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
    ... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 61 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

原因:javax.wsdl.WSDLException:WSDLException:faultCode=PARSER\u错误:解析问题'https://localhost:8443/myDomain/MyService?wsdl“:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到有效的请求目标的证书路径
位于com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(未知源)
位于com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(未知源)
位于com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(未知源)
位于org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:262)
位于org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:205)
位于org.apache.cxf.wsdl11.WSDLServiceFactory.(WSDLServiceFactory.java:92)
... 37多
原因:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径
位于sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
位于sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
位于sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
位于sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
位于sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
位于sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
位于sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
位于sun.security.ssl.Handshaker.process_记录(Handshaker.java:804)
位于sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
位于sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
位于sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
位于sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
位于sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
位于sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
位于sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
位于sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
在com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:632)
位于com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:189)
位于com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:799)
位于com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
位于com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
位于com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237)
在com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
... 43多
原因:sun.security.validator.validator异常:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径
位于sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
位于sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
位于sun.security.validator.validator.validate(validator.java:260)
位于sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
位于sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
位于sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
位于sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 61多
原因:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径
位于sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
位于java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
位于sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
我通过在本地创建证书来测试证书。所以我遵循这些步骤

Keys>keytool-genkey-alias TLS-keystore TLSKeyStore.jks-keyalg RSA-sigalg SHA1withRSA Keys>keytool-export-alias TLS-file TLS.cer-keystore TLSKeyStore.jks Keys>keytool-certreq-alias TLS-keystore TLSKeyStore.jks-file TLS.csr

CA>设置RANDFILE=rand

CA>openssl请求-new-keyout-TLSkey.pem-out-TLSreq.pem-config C:\openssl-Win64\bin\openssl.cfg

CA>openssl x509-signkey TLSkey.pem-req-days 3650-in-TLSreq.pem-out-TLSroot.cer-extensions v3_CA

CA>openssl x509-CA TLSroot.cer-CAkey TLSkey.pem-CAserial serial.txt-req-in../Keys/TLS.csr-out../Keys/TLSTestCA.cer-365天

Keys>keytool-import-alias TLSCA-file../CA/TLSroot.cer-keystore TLSKeyStore.jks
Keys>keytool-import-alias TLS-file TLSTestCA.cer-keystore TLSKeyStore.jks

最终我找到了解决这个问题的方法

请参阅此链接中的。通过将参数作为localhost:9443传递,以独立方式运行此程序,程序将在eclipse下创建jssecacerts文件。 将此jssecacerts文件复制到您的JDK\u HOME\jre\lib\security\folder中。这应该可以解决问题

TLS安装快乐

这是一个ov 
sudo keytool -import -alias mysitestaging -keystore $JAVA_HOME/jre/lib/security/cacerts -file staging.der
sudo keytool -import -alias mysiteprod -keystore  $JAVA_HOME/jre/lib/security/cacerts -file prod.der
sudo keytool -import -alias mysitedev -keystore  $JAVA_HOME/jre/lib/security/cacerts -file dev.der

keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

-Djavax.net.ssl.trustStore="$JAVA_HOME/jre/lib/security/cacerts"
-Djavax.net.ssl.trustStorePassword="changeit"