[英]See keystore used by SSLFactory? Exception: “sun…certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
Authorize.net updated their production certificates, and now our SSL code is generating the following exception: Authorize.net更新了其生产证书,现在我们的SSL代码正在生成以下异常:
Exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
According to this blog post from Authorize.net , we need to install new root certs on our server. 根据Authorize.net的这篇博客文章 ,我们需要在服务器上安装新的根证书。 We did this, but the exception persists. 我们这样做了,但是异常仍然存在。 So now the suspicion is that new certs weren't installed to the right keystore. 因此,现在有人怀疑没有将新证书安装到正确的密钥库中。 How do we see which keystore is being used by the code? 我们如何查看代码正在使用哪个密钥库?
Here's the code below: 这是下面的代码:
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(addr,443);
And yes, we should use Stripe instead, but this site was built long before Stripe came around. 是的,我们应该改用Stripe,但是这个站点是在Stripe出现之前很久才建立的。 :( :(
Solution is to add that certificate to java cacerts file so that it got permanently accepted. 解决方案是将该证书添加到java cacerts文件中,以使其被永久接受。
Step 1 : Get root certificate of https://www.wikipedia.org (or any url you want to access) 第1步:获取https://www.wikipedia.org的根证书(或您要访问的任何URL)
Thats it! 而已! you got your root certificate! 您获得了根证书!
Step 2 : Get that certificate added to java cacerts file. 步骤2:将证书添加到java cacerts文件。
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore / PATH / TO / YOUR / JDK / jre / lib / security / cacerts -storepass changeit
That is it! 这就对了! you got your problem resolved. 您解决了问题。
PLEASE NOTE 请注意
Do confirm that the jre which is giving you this PKIX error(JRE used by KAFKA) that is where you are performing STEP 2. If you would try with another jre problem would be as it is. 请确认执行此STEP 2的位置的jre产生了PKIX错误(KAFKA使用的JRE)。如果您尝试使用其他jre问题,将保持原样。
Do use only one jre which is inside JDK it decreases chance to have issues. 请仅在JDK内使用一个jre,这样可以减少出现问题的机会。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.