简体繁体 English

PKIX路径构建失败：wso2 oauth

[英]PKIX path building failed: wso2 oauth

原文 2016-05-19 13:35:44 5 4 java/ oauth-2.0/ wso2/ wso2is

I am running the sample of playground2 from wso2 this post , I am getting following error when I am submitting the form for Get Access Token 我正在这篇文章中从wso2运行parker2的示例，在提交获取访问令牌的表单时遇到以下错误

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：找不到指向所请求目标的有效证书路径

4 个解决方案

Did you try adding the certificate of the server to java ca. 您是否尝试将服务器的证书添加到javaca。 Basically you need to add the certificate of the WSO2 server to the java cacerts. 基本上，您需要将WSO2服务器的证书添加到java cacerts中。 Bellow post explains how to add the certificate of the super tenant to java cacerts Bellow帖子解释了如何将超级租户的证书添加到java cacerts

http://isharaaruna.blogspot.com/2013/11/adding-certificate-to-java-ca.html?view=timeslide http://isharaaruna.blogspot.com/2013/11/adding-certificate-to-java-ca.html?view=timeslide

That exception usually means that the OAuth client doesn't trust the server's SSL certificate I assume it happens when calling the token service the get the user token, more information (full stacktrace?) could be more useful to find out what is going on. 该异常通常意味着OAuth客户端不信任服务器的SSL证书（我认为它是在调用令牌服务以获取用户令牌时发生的），更多信息（完整stacktrace？）可能对发现正在发生的事情更为有用。

The first thing you can try is to import the server public certificate to the client's (tomcat) truststore. 您可以尝试做的第一件事是将服务器公共证书导入到客户端的（tomcat）信任库中。

I assume you need to take the SSL certificate of the WSO2 IS server (just export it via your browser) and create an additional Tomcat trutstore ( exaamples ) 我假设您需要获取WSO2 IS服务器的SSL证书（只需通过浏览器将其导出）并创建一个额外的Tomcat trutstore（例如）

After googling I found solution, If any one facing with similar issue follow this steps:- 谷歌搜索后，我找到了解决方法，如果有人遇到类似问题，请按照以下步骤操作：-

1) save this code with name InstallCert.java 1）将此代码保存为名称InstallCert.java

2) compile and run with, 2）编译并运行，

java InstallCert ipaddress:port java InstallCert ipaddress：端口

Here, ipaddress and port is your ipaddress and port number from where your are trying to Handshake 此处，ipaddress和port是您尝试进行握手的IP地址和端口号

3) press 1 when it asked for 3）询问时按1

4) after that it'll generate some crt file, pest it under your JAVA_HOME/jre/lib/security 4）之后，它将生成一些crt文件，将其粘贴到您的JAVA_HOME / jre / lib / security下

5) restart your server 5）重启服务器

You need to incert https site's ssl root certificate to cacert of jre. 您需要使https站点的ssl根证书不安全，以确保jre的安全。

I think THIS post would really help it is descriptive enough. 我认为这篇文章确实可以提供足够的描述性。

please make sure you are performing all actions on jre which is used by your application. 请确保对应用程序使用的jre执行所有操作。