看到SSLFactory使用的密钥库了吗? 异常:“ sun…certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径”
[英]See keystore used by SSLFactory? Exception: “sun…certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
问题描述
Authorize.net updated their production certificates, and now our SSL code is generating the following exception: 
Authorize.net更新了其生产证书,现在我们的SSL代码正在生成以下异常:
Exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
According to this blog post from Authorize.net , we need to install new root certs on our server. 根据Authorize.net的这篇博客文章 ,我们需要在服务器上安装新的根证书。 We did this, but the exception persists. 我们这样做了,但是异常仍然存在。 So now the suspicion is that new certs weren't installed to the right keystore. 因此,现在有人怀疑没有将新证书安装到正确的密钥库中。 How do we see which keystore is being used by the code? 我们如何查看代码正在使用哪个密钥库?
Here's the code below: 这是下面的代码:
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(addr,443);
And yes, we should use Stripe instead, but this site was built long before Stripe came around. 是的,我们应该改用Stripe,但是这个站点是在Stripe出现之前很久才建立的。 :( :(
1 个解决方案
解决方案1
0 2019-08-29 15:41:37
Solution is to add that certificate to java cacerts file so that it got permanently accepted. 解决方案是将该证书添加到java cacerts文件中,以使其被永久接受。
Step 1 : Get root certificate of https://www.wikipedia.org (or any url you want to access) 第1步:获取https://www.wikipedia.org的根证书(或您要访问的任何URL)
- Open https://www.wikipedia.org in a chrome browser. 在Chrome浏览器中打开https://www.wikipedia.org 。
- locate Lock symbol just besides your address bar and click on it. 在地址栏旁边找到“锁定”符号,然后单击它。
- view Details 查看详情
- Click on top most certificate on hierarchy and confirm it is tailed with Root CA phrase. 单击层次结构上最上面的证书,并确认它带有根CA短语。
- drag and drop that image which you saw written certificate on desktop. 拖放在桌面上看到书面证书的图像。
Thats it! 而已! you got your root certificate! 您获得了根证书!
Step 2 : Get that certificate added to java cacerts file. 步骤2:将证书添加到java cacerts文件。
- use keytool.exe inside your jre bin folder. 在jre bin文件夹中使用keytool.exe。
- fire following command to place your certificate inside cacerts file 触发以下命令将您的证书放入cacerts文件中
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit
That is it! 这就对了! you got your problem resolved. 您解决了问题。
PLEASE NOTE 请注意
Do confirm that the jre which is giving you this PKIX error(JRE used by KAFKA) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.
请确认执行此STEP 2的位置的jre产生了PKIX错误(KAFKA使用的JRE)。如果您尝试使用其他jre问题,将保持原样。 Do use only one jre which is inside JDK it decreases chance to have issues.
请仅在JDK内使用一个jre,这样可以减少出现问题的机会。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.