Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/311.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/excel/26.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 爪哇语;sun.security.validator.validator异常:PKIX路径生成失败;证书验证错误_Java_Validation_Ssl_Certificate_Ssl Certificate - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 爪哇语;sun.security.validator.validator异常:PKIX路径生成失败;证书验证错误

Java 爪哇语;sun.security.validator.validator异常:PKIX路径生成失败;证书验证错误

java validation ssl certificate

Java 爪哇语;sun.security.validator.validator异常:PKIX路径生成失败;证书验证错误,java,validation,ssl,certificate,ssl-certificate,Java,Validation,Ssl,Certificate,Ssl Certificate,我正在尝试检索使用java的SSL证书的论坛的索引页: WebClient webClient = new WebClient(...); HtmlPage sectionPage = webClient.getPage("https://rstforums.com/"); 在调用任何与SSL相关的方法之前,我已经按照建议以编程方式禁用了SNI。在第二个问题的答案和第三个问题的答案之后,我将论坛的证书添加到证书列表中: C:\Program Files\Java\jdk1.8.0_65\jre

我正在尝试检索使用java的SSL证书的论坛的索引页:

WebClient webClient = new WebClient(...);
HtmlPage sectionPage = webClient.getPage("https://rstforums.com/");
在调用任何与SSL相关的方法之前,我已经按照建议以编程方式禁用了SNI。在第二个问题的答案和第三个问题的答案之后,我将论坛的证书添加到证书列表中:

C:\Program Files\Java\jdk1.8.0_65\jre\lib\security>keytool -import -alias RST_CERT -file forums_certificate -keystore cacerts
其中
论坛\u证书
包含:

-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIQLIJ9H3N2RZkAeZ8Jmma6RzANBgkqhkiG9w0BAQsFADBI
MRswGQYDVQQDExJFU0VUIFNTTCBGaWx0ZXIgQ0ExHDAaBgNVBAoTE0VTRVQsIHNw
b2wuIHMgci4gby4xCzAJBgNVBAYTAlNLMB4XDTE1MTEyNDEyNTI0MFoXDTE2MTEy
NDEyNTMyMlowWjELMAkGA1UEBhMCUk8xGjAYBgNVBAMTEXd3dy5yc3Rmb3J1bXMu
Y29tMS8wLQYJKoZIhvcNAQkBFiByc3Rmb3J1bXMuY29tQGRvbWFpbnNieXByb3h5
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9jSCt9p+g3wdP9
KhmNQuB5NZMlDoL0A5ONzUat5RPf1iQ91+1EWfS1j93X6m5mMSs5+RMc259TjMPv
oxSq9lK7Z0ZwUdHPkjVmMDKOOlho2zh1ZTh7W26dT8UmeuofgFCxaJBuThalWkpg
qT5GgpcuIXWQVlB4vD43/wdPhWFUZ1QhFgK/HppiXVfKNbBRNM69iSbjzkBbstXI
68yLxtbzwOqEdIpJ5CWxQCr0+BCk7SPGHyXbJaVL1SuQ/7Th8PkJd43bBTLsVY5w
WemSZfEoqeCeHUxeMSdMy1FKkUBTlvZBn+KBVUAJ419rE+Jgrp4tikwjJxEjB/Ko
Uwdkb9ECAwEAAaNuMGwwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAd
BgNVHQ4EFgQU9+VnJO4u71+3bAS9hYFiXtzG+FswKwYDVR0RBCQwIoIRd3d3LnJz
dGZvcnVtcy5jb22CDXJzdGZvcnVtcy5jb20wDQYJKoZIhvcNAQELBQADggEBAHxq
icR/mSh0TTQlb6SreCyxNyO4KflAOnp3yFnFStVo7wxI5Ixb2jCUP/IGxSwJeN2p
AEzAWXls9NoMVcEIbIfGcdsvJS1yyh6GeWVzBrMNOde1/2590ipsPKyQAk2j1zPl
96kWnPWTB6DtSbB3AI4dWeawwkh2D5+NL5HMjQwm3Lb3EhKQgBPLboygg12E+JXP
ydZjIZWC/42nN5ZMHXXrGnxac5F3tMwkyng0qDWLpSoa3c3ep43Tgwo08RFuZzuV
7hvvG006M4QMQj/nbQXzhbjko3cRVegvV9xKnNxe5oCArTK5HNkfPhEM/G48ed4h
z99OS5+RiB/NLTfzlPc=
-----END CERTIFICATE-----
证书已成功添加,并在列出其条目时显示在密钥库中:

rst_cert, Feb 3, 2016, trustedCertEntry, 
Certificate fingerprint (SHA1): 25:39:98:FC:FF:DE:2D:24:BC:F0:78:93:D6:2E:5A:55:64:D5:09:8A
当我尝试重新运行发出新请求的应用程序时,会出现相同的错误:

sun.security.validator.ValidatorException: PKIX path building failed: sun.securi
ty.provider.certpath.SunCertPathBuilderException: unable to find valid certifica
tion path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
a:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
ava:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
pl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
agerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1491)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1375)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
        at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBu
ilder.java:146)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
PathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 15 more
我有建议(下载了SSLPoke),但错误仍然存在。为什么无法识别证书?

我已使用openssl(来自cygwin(我正在使用Win7))成功删除证书并将其添加到密钥库

要使用openssl检索证书,请执行以下操作:

openssl x509 -in <(openssl s_client -connect rstforums.com:443 -prexit 2>/dev/null) -out ~/rst_cert.crt

keytool -importcert -file ~/example.crt -alias example -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
要添加使用openssl下载的证书,请执行以下操作:

openssl x509 -in <(openssl s_client -connect rstforums.com:443 -prexit 2>/dev/null) -out ~/rst_cert.crt

keytool -importcert -file ~/example.crt -alias example -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
使用firefox下载的证书显然无效

对于本地主机开发人员, 经过数小时的工作,比如向cacert添加证书,生成jks文件,使用InstallCert.java。。。以下是解决方案,忽略证书,覆盖TrustManager,就像一个符咒:

您是否正在使用
HtmlUnit
?如果是,为什么不禁用/忽略SSL检查?是否检查了证书的内容?上面写的是“www.rstforums.com”而不是“forum.com”。@Eng.Fouad我确实禁用了它。@Rainer Montag在代码中是rstforums.com。现在编辑它(错误仍然存在)。这似乎是个好主意。但是-opensslx509-in/dev/null)-out~/rst_cert.crt给出了以下错误打开证书/proc/3756/fd/63##########9072时出错:020003:系统库:fopen:没有这样的进程:bss#u文件.c:398:fopen('/proc/3756/fd/63','rb')#####9072:错误:20074002:BIO例程:文件(u-CTRL:system-lib:bss35u-file.c:fopen无法读取和删除证书