Oracle JDK 上仍然存在 PKIX 路径构建失败错误
[英]PKIX path building failed error persists on Oracle JDK
问题描述
The problem
问题
EDIT : The first version of this question gave the impression that my problem had something to do with Maven.编辑:这个问题的第一个版本给人的印象是我的问题与 Maven 有关。 I rephrased to put more focus on the JDK.我改写为更加关注 JDK。
I get the sun.security.provider.certpath.SunCertPathBuilderException: PKIX path building failed when trying to contact any SSL-enabled service using Java.尝试使用 Java 联系任何启用 SSL 的服务时,我收到sun.security.provider.certpath.SunCertPathBuilderException: PKIX path building failed 。 Answers to other relevant questions did not stop the error for me.对其他相关问题的回答并没有阻止我犯错。
The error appears both with any Maven task, such as below...任何 Maven 任务都会出现该错误,如下所示...
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-clean-plugin:2.5:clean (default-clean) on project foundation-ddl: Execution default-clean of goal org.apache.maven.plugins:maven-clean-plugin:2.5:clean failed: Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to collect dependencies at org.apache.maven.plugins:maven-clean-plugin:jar:2.5 -> org.apache.maven:maven-plugin-api:jar:2.0.6: Failed to read artifact descriptor for org.apache.maven:maven-plugin-api:jar:2.0.6: Could not transfer artifact org.apache.maven:maven-plugin-api:pom:2.0.6 from/to example (https://example.com/artifactory/repo/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
...Or if I execute a jar that contacts a SSL service ...或者如果我执行一个与 SSL 服务联系的 jar
$ java -jar atlassian-bamboo-agent-installer-5.9.7.jar http://...
INFO | jvm 1 | 2016/03/09 10:59:21 | 2016-03-09 10:59:21,381 FATAL [WrapperSimpleAppMain] [AgentBootstrap] Exiting due to fatal exception.
INFO | jvm 1 | 2016/03/09 10:59:21 | javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
INFO | jvm 1 | 2016/03/09 10:59:21 | at com.atlassian.bamboo.agent.bootstrap.AgentContext.initFingerprint(AgentContext.java:118)
INFO | jvm 1 | 2016/03/09 10:59:21 | at com.atlassian.bamboo.agent.bootstrap.AgentContext.initServerSession(AgentContext.java:103)
INFO | jvm 1 | 2016/03/09 10:59:21 | at com.atlassian.bamboo.agent.bootstrap.AgentContext.run(AgentContext.java:94)
INFO | jvm 1 | 2016/03/09 10:59:21 | at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.run(AgentBootstrap.java:95)
INFO | jvm 1 | 2016/03/09 10:59:21 | at com.atlassian.bamboo.agent.bootstrap.AgentBootstrap.main(AgentBootstrap.java:41)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
INFO | jvm 1 | 2016/03/09 10:59:21 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 1 | 2016/03/09 10:59:21 | at java.lang.reflect.Method.invoke(Method.java:498)
INFO | jvm 1 | 2016/03/09 10:59:21 | at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
INFO | jvm 1 | 2016/03/09 10:59:21 | at java.lang.Thread.run(Thread.java:745)
INFO | jvm 1 | 2016/03/09 10:59:21 | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What I tried我试过的
- These answers to: Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?这些答案是: Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
- I used InstallCert to visit the hosts on which I get the exception, and I added the certificates to the trust store successfully.我使用InstallCert访问了出现异常的主机,并且我成功地将证书添加到了信任存储中。 To verifiy, IntelliCert prints
No errors, certificate is already trusted, but that didn't stop the error.为了验证,IntelliCert 打印No errors, certificate is already trusted,但这并没有阻止错误。 - The fact Step 2 didn't stop the error made me think (in the Maven case) that Maven was using a different truststore.事实上,步骤 2 并没有阻止错误让我认为(在 Maven 的情况下)Maven 使用的是不同的信任库。 I used the answer to ' How to change maven java home ' to make sure Maven was at least using the same Java instance I was thinking about (which is in Oracle JDK 1.8).我使用了“ 如何更改 maven java home ”的答案来确保 Maven 至少使用了我正在考虑的相同 Java 实例(在 Oracle JDK 1.8 中)。 This didn't change anything, so I'm now looking at the JDK.这没有改变任何东西,所以我现在正在研究 JDK。
The well-known ways to fix this issue don't seem to work.解决此问题的众所周知的方法似乎不起作用。 How can I stop the error, fix my JDK and finally use SSL-enabled services again?如何停止错误、修复我的 JDK 并最终再次使用启用 SSL 的服务?
2 个解决方案
解决方案1
2 已采纳 2016-03-18 19:52:53
After futile investigation I ended up purging and reinstalling the JDK, which resolved the issue.经过徒劳的调查,我最终清除并重新安装了 JDK,从而解决了问题。 The version of the JDK did not change. JDK 的版本没有改变。 For those of you reaching this page for this issue via Google, just do that and save yourself the dread.对于那些通过谷歌访问此问题的页面的人,只需这样做,就可以避免恐惧。
解决方案2
0 2016-03-08 19:50:32
You should check JDK version you are using and install the Intermediate certificates as well as CAs (if it is self signed or internal signed ) into the JDK which maven is using.您应该检查您正在使用的 JDK 版本并将中间证书以及 CA(如果它是自签名或内部签名)安装到 maven 正在使用的 JDK 中。 I think that resolve the problem.我认为这可以解决问题。
removing ~/.m2/repository should not be the reason.删除 ~/.m2/repository 不应该是原因。 make sure the has not changed the Certificate Recently.确保最近没有更改证书。
You could even use the following maven options to locate your trust store and keystore.您甚至可以使用以下 Maven 选项来定位您的信任库和密钥库。
MAVEN_OPTS="-Xmx512m -Djavax.net.ssl.trustStore=trust.jks \
-Djavax.net.ssl.trustStorePassword= \
-Djavax.net.ssl.keyStore=/home/directory/mycertificate.p12 \
-Djavax.net.ssl.keyStoreType=pkcs12 \
-Djavax.net.ssl.keyStorePassword=XXXXXX"
Please refer to below URL it's good guide for Maven SSL configuration请参考以下 URL,这是 Maven SSL 配置的好指南
https://maven.apache.org/guides/mini/guide-repository-ssl.html https://maven.apache.org/guides/mini/guide-repository-ssl.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.