Java SSL连接和PKIX EROR_Java_Tomcat_Ssl_Cryptography_X509

Java SSL连接和PKIX EROR

java tomcat ssl cryptography

Java SSL连接和PKIX EROR,java,tomcat,ssl,cryptography,x509,Java,Tomcat,Ssl,Cryptography,X509,我有两台linux作为服务器，一台服务器有使用ldap的软件（有tomcat），另一台服务器有ldap（ldap servr），我想在ldap服务器和另一台服务器之间建立ssl连接，为此，我生成根证书和根证书的子证书（该证书的公共名称和主题替代名称为Ip add）我使用JavaKeyTool（根证书）创建信任存储。我将根证书、服务器证书和来自服务器的密钥放在ldap配置中，并在使用tomcat运行软件后将信任存储放在tomcat中。我有这个错误。如何修复它们 ption: unable to

我有两台linux作为服务器，一台服务器有使用ldap的软件（有tomcat），另一台服务器有ldap（ldap servr），我想在ldap服务器和另一台服务器之间建立ssl连接，为此，我生成根证书和根证书的子证书（该证书的公共名称和主题替代名称为Ip add）我使用JavaKeyTool（根证书）创建信任存储。我将根证书、服务器证书和来自服务器的密钥放在ldap配置中，并在使用tomcat运行软件后将信任存储放在tomcat中。我有这个错误。如何修复它们

 ption: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:344)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:208)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:161)
            at ir.cto.crypto.manager.LdapConnector.init2(LdapConnector.java:72)
            at ir.cto.crypto.manager.RepositoryManager.repositoryInit(RepositoryManager.java:192)
            at ir.cto.ca.server.common.ldap.LdapManagerImpl.unPublishCRL(LdapManagerImpl.java:37)
            at ir.cto.ca.server.scheduling.CRLPublishingJob.executeInternal(CRLPublishingJob.java:282)
            at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:66)
            at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
            at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:509)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
            ... 17 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 23 more
    Eroor in negotiate
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:344)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:208)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:161)
            at ir.cto.crypto.manager.LdapConnector.init2(LdapConnector.java:72)
            at ir.cto.crypto.manager.RepositoryManager.repositoryInit(RepositoryManager.java:192)
            at ir.cto.ca.server.common.ldap.LdapManagerImpl.unPublishCRL(LdapManagerImpl.java:37)
            at ir.cto.ca.server.scheduling.CRLPublishingJob.executeInternal(CRLPublishingJob.java:282)
            at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:66)
            at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
            at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:509)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
            ... 17 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 23 more
Eroor in negotiate                         
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:344)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:208)
            at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:161)
            at ir.cto.crypto.manager.LdapConnector.init2(LdapConnector.java:72)
            at ir.cto.crypto.manager.RepositoryManager.repositoryInit(RepositoryManager.java:192)
            at ir.cto.ca.server.common.ldap.LdapManagerImpl.unPublishCRL(LdapManagerImpl.java:37)
            at ir.cto.ca.server.scheduling.CRLPublishingJob.executeInternal(CRLPublishingJob.java:282)
            at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:66)
            at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
            at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:509)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
            ... 17 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 23 more

您需要提供更多有关设置的信息。Tomcat是如何配置为使用SSL的？LDAP是如何配置为使用SSL的？你能用Tomcat以外的东西通过SSL连接到LDAP吗？Tnx，在我的LDAP中，我有SSL连接，但在连接LDAP的服务器中，我在Tomcat中有这个错误，我在软件中创建war文件，并将webapp放在Tomcat中。ts文件（是信任库）将web inf放在Tomcat中我的软件如何？您是否可以使用带有普通客户端（即非Tomcat）的LDAP连接到LDAP服务器。排除LDAP服务器的配置没有问题是有帮助的。您好，我必须在一台pc上安装openldap，将它们与ldaps中的LDAP浏览器连接。在另一台pc中，我有使用ldap的软件，它在tomcat中运行。在这台pc中，我将信任存储ldap（.ts文件具有ldap的根证书）放在tomcat中，如果运行此软件，则会出现上述错误。