PKIX路径构建失败:无法找到请求的目标的有效证书路径-导入的CERT
[英]PKIX path building failed: unable to find valid certification path to requested target - imported CERT
问题描述
I am trying to use get request on site with REST API. 
我正在尝试通过REST API在站点上使用get请求。 However the link to acces it is an IP address and I am getting the: 但是,访问的链接是IP地址,我得到了:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到指向所请求目标的有效证书路径
When I use the same exact link in browser, it works. 当我在浏览器中使用相同的确切链接时,它可以工作。
How can I solve this issue? 我该如何解决这个问题?
Below is my code: 下面是我的代码:
public static void main(String[] args) {
System.getProperties().put( "proxySet", "true" );
System.getProperties().put( "socksProxyHost", "xxx.xxx.xxx.xxx" );
System.getProperties().put( "socksProxyPort", "xxxx" );
URL requestLink = ismTicketManager.UrlEncode.convertToURLEscapingIllegalCharacters("https://xx.xx.xx.xx/e/528f5016-6fd9-403f-85e4-5a54bb2498b9/api/v1/problem/feed?relativeTime=30mins&Api-Token=xxxxx");
try {
HttpURLConnection targetConn = (HttpURLConnection)requestLink.openConnection();
targetConn.setRequestMethod("GET");
System.out.println(targetConn.getResponseCode());
} catch (Exception e) {
e.printStackTrace();
System.out.println("Connection failed");
}
static {
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("127.0.0.1"));
}
}
I exported the cert from firefox and imported it into the cacerts file: The cacerts file list looks like this: 我从firefox导出了证书,并将其导入了cacerts文件:cacerts文件列表如下所示:
restapi, 25-Sep-2018, trustedCertEntry, Certificate fingerprint (SHA1): AB:6D:C6:2E:9F:B3:D9:48:1E:A9:84:AA:DD:03:64:1D:7C:08:42:CE restapi,2018年9月25日,trustedCertEntry,证书指纹(SHA1):AB:6D:C6:2E:9F:B3:D9:48:1E:A9:84:AA:DD:03:64:1D:7C: 08:42:CE
How can I solve this? 我该如何解决?
EDIT: Solved thanks to Guillaume. 编辑:解决了感谢纪尧姆。 My problem was that I have program files/JDK and program files/JRE. 我的问题是我有程序文件/ JDK和程序文件/ JRE。 I was importing into the cacerts file in JDK, while eclipse was using the JRE. 我正在Eclipse中使用JRE导入到JDK中的cacerts文件中。 This was discovered thansk to the -Djavax.net.debug=ssl VM argument. 在-Djavax.net.debug = ssl VM参数中发现了this。
Also the IP in : 还有IP:
static {
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("10.31.17.38"));
}
should be equal to the one in the variable requestLink that I am using. 应该等于我正在使用的变量requestLink中的那个。 In fact when I did not do this, I got an error telling me exactly that. 实际上,当我没有这样做时,我会确切地告诉我一个错误。
1 个解决方案
解决方案1
0 已采纳 2018-09-25 12:50:05
It could be that the website does not send the full certification path (including the root). 该网站可能未发送完整的认证路径(包括根目录)。 Try adding this VM option: -Dcom.sun.security.enableAIAcaIssuers=true 尝试添加此VM选项: -Dcom.sun.security.enableAIAcaIssuers=true
When launching the Java program from command line, your command should look like that (as explained in the Oracle doc ) 从命令行启动Java程序时,您的命令应如下所示(如Oracle doc中所述 )
java -Dcom.sun.security.enableAIAcaIssuers=true <Main Class>
When launching from Eclipse the option should be added under "VM Arguments:" 从Eclipse启动时,应在“ VM Arguments:”下添加该选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.