Certificate Java应用程序中要使用的keystore.jks
我有一个Certificate Java应用程序中要使用的keystore.jks,certificate,java-7,keystore,Certificate,Java 7,Keystore,我有一个java应用程序,它连接到某个web服务。当我尝试调用web服务的函数时,我得到一个异常 虽然如果我从部署在tomcat7服务器上的另一个web应用程序调用相同的web服务函数,它仍然可以正常工作 唯一的区别是我在Tomcat的主文件夹中有keystore.jks文件 既然我猜这是我的应用程序无法工作的原因,那么我如何让我的java应用程序使用keystore.jks文件呢 以下是异常的堆栈跟踪: 2013-10-11 15:24:14.0685 DEBUG main org.apach
java应用程序
,它连接到某个web服务。当我尝试调用web服务的函数时,我得到一个异常
虽然如果我从部署在tomcat7
服务器上的另一个web应用程序
调用相同的web服务函数,它仍然可以正常工作
唯一的区别是我在Tomcat的主文件夹中有keystore.jks
文件
既然我猜这是我的应用程序无法工作的原因,那么我如何让我的java应用程序使用keystore.jks
文件呢
以下是异常的堆栈跟踪:
2013-10-11 15:24:14.0685 DEBUG main org.apache.axis.enterprise – Mapping Exception to AxisFault
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.tieto.issuing.ws.Issuing.IssuingSoapBindingStub.addCardToStop(IssuingSoapBindingStub.java:2398)
at ge.ufc.cscupdator.utils.IssuingWsOperationManager.addCardToStopList(IssuingWsOperationManager.java:74)
at ge.ufc.cscupdator.CardStopCauseUpdator.main(CardStopCauseUpdator.java:51)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
从web浏览器导出
证书
,然后使用keytool从web浏览器导出证书
,然后将其导入到JAVA路径中的cacert
\jdk1.7.0_25\jre\lib\security
带有keytool
此错误
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
指示客户端从服务器接收到SSL证书链,但无法使用信任锚点(也称为根CA)证书验证此链。默认信任锚列表存储在Java主目录中的lib/security/cacerts
keystore文件中
要为SSL信任锚指定另一个信任存储(在这种情况下称为信任存储),必须将此选项传递给客户端:
-Djavax.net.ssl.trustStore=/path/to/trsutstore
此信任存储应包含服务器SSL证书链的根CA证书。实际上,keystore.jks
可能包含此证书,但也可能不包含。我建议您将keytool
工具与-list
命令一起使用,以验证根CA证书是否存在。此错误
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
指示客户端从服务器接收到SSL证书链,但无法使用信任锚点(也称为根CA)证书验证此链。默认信任锚列表存储在Java主目录中的lib/security/cacerts
keystore文件中
要为SSL信任锚指定另一个信任存储(在这种情况下称为信任存储),必须将此选项传递给客户端:
-Djavax.net.ssl.trustStore=/path/to/trsutstore
此信任存储应包含服务器SSL证书链的根CA证书。实际上,keystore.jks
可能包含此证书,但也可能不包含。我建议您使用keytool
工具和-list
命令来验证根CA证书是否存在