
PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target

I am using WSO2 API Manager and Keycloak servers for API gateway and user authentication. Both are running on OpenShift 3.11. In the browser, while trying to redirect to a store page on WSO2 APIM, I get the error below. Also, I am using a self-signed certificate generated using keytool for both servers, and it is also imported into the JVM cacerts respectively. The OpenJDK version is 1.8.

ERROR - WebAppManager org.mozilla.javascript.WrappedException: Wrapped javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (/store/jagg/jaggery_oidc_acs.jag#39)

I am getting fatal Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown in the SSL logs.

SSL trace

WSO2 API Manager server logs
*** ClientHello, TLSv1.2
RandomCookie:  GMT: -779209738 bytes = { 34, 29, 203, 199, 214, 88, 147, 174, 199, 184, 79, 68, 86, 150, 221, 45, 65, 169, 84, 10, 255, 155, 151, 74, 102, 245, 103, 39 }
Session ID:  {42, 139, 29, 172, 52, 46, 203, 207, 29, 65, 141, 230, 125, 206, 41, 206, 87, 139, 101, 118, 40, 54, 120, 240, 148, 225, 222, 95, 130, 19, 238, 225}
Cipher Suites: [Unknown 0xa:0xa, Unknown 0x13:0x1, Unknown 0x13:0x2, Unknown 0x13:0x3, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension type_43690, data: 
Extension server_name, server_name: [type=host_name (0), value=wso2carbon-customwso2.10.100.90.136.nip.io]
Unsupported extension type_23, data: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {unknown curve 10794, unknown curve 29, secp256r1, secp384r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data: 
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, Unknown (hash:0x8, signature:0x4), SHA256withRSA, SHA384withECDSA, Unknown (hash:0x8, signature:0x5), SHA384withRSA, Unknown (hash:0x8, signature:0x6), SHA512withRSA, SHA1withRSA
Unsupported extension type_18, data: 
Unsupported extension type_51, data: 00:29:2a:2a:00:01:00:00:1d:00:20:99:11:79:8f:3e:ca:9d:37:55:00:cf:54:3b:23:10:b1:71:93:92:06:81:ee:0f:b8:53:6e:e2:bf:23:b2:35:4e
Unsupported extension type_45, data: 01:01
Unsupported extension type_43, data: 0a:4a:4a:03:04:03:03:03:02:03:01
Unsupported extension type_27, data: 02:00:02
Unsupported extension type_47802, data: 00
Unsupported extension type_21, data: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
***
%% Initialized:  [Session-11, SSL_NULL_WITH_NULL_NULL]
%% Negotiating:  [Session-11, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1558345095 bytes = { 0, 101, 202, 146, 210, 87, 107, 127, 247, 125, 156, 64, 134, 222, 141, 197, 11, 134, 90, 77, 183, 201, 188, 129, 108, 229, 69, 60 }
Session ID:  {93, 226, 118, 135, 111, 45, 217, 124, 93, 2, 72, 71, 38, 116, 139, 207, 16, 91, 42, 171, 119, 141, 227, 122, 189, 253, 147, 133, 229, 78, 153, 32}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=wso2carbon-customwso2.10.100.90.136.nip.io, OU=Support, O=WSO2, L=Colombo, ST=Western, C=LK
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
  Key:  Sun RSA public key, 2048 bits
  modulus: 24093749320119526217646893112163833209990474156688526832095621197039887367241482686643283752190553598539694041780318444455437473717327292475492934518259361370685860893170612648201871219684080088211608067291176086279564665228754086702863628019875085423939062501065434105176143021495735869756161068709421567662413327234744251786230141003775511653021592979156235418584147136970244449197736325946516688826096049982279922898011020940527605742056019219863317365450049812143562126732358220198845931195726312193213776283582315871213628750612092393628809426922961515763709022778700015014889582902887232786822789004520865673971
  public exponent: 65537
  Validity: [From: Fri Nov 29 07:02:23 UTC 2019,
               To: Mon Nov 26 07:02:23 UTC 2029]
  Issuer: CN=wso2carbon-customwso2.10.100.90.136.nip.io, OU=Support, O=WSO2, L=Colombo, ST=Western, C=LK
  SerialNumber: [    24b1e8e1]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 AC 4E 4A 58 57 29 25   C2 C4 0B 1A AD 3E 66 2E  ..NJXW)%.....>f.
0010: C1 8A EC 66                                        ...f
]
]
]
  Algorithm: [SHA256withRSA]
]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 30783140126565731034039954914815296826962617090801880033831456830219573014758
  public y coord: 112055812426524440654969792257542967866103028528061549518876777480127240144881
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
http-nio-9443-exec-17, WRITE: TLSv1.2 Handshake, length = 1375
http-nio-9443-exec-19, READ: TLSv1.2 Alert, length = 2
http-nio-9443-exec-19, RECV TLSv1.2 ALERT:  fatal, certificate_unknown
http-nio-9443-exec-19, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-19, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
http-nio-9443-exec-19, called closeOutbound()
http-nio-9443-exec-19, closeOutboundInternal()
http-nio-9443-exec-19, SEND TLSv1.2 ALERT:  warning, description = close_notify
http-nio-9443-exec-19, WRITE: TLSv1.2 Alert, length = 2
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Are you sure that you are importing the right certificate? It seems that you are importing the wrong one, or you are not using the cacerts that you think you are.

Please check both.
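
One way to carry out both checks from the answer above, as an added example that is not part of the original post: it prints the trust store this JVM actually resolves and, given a certificate file exported from the server, reports whether that exact certificate is in it. The class name `TrustStoreCheck` and the certificate file argument are assumptions; run it with the same JVM and the same `-Djavax.net.ssl.*` options as the process that throws the exception.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example. Usage: java TrustStoreCheck [server-cert.pem]  (file name is a placeholder)
public class TrustStoreCheck {
    // Resolve the trust store in the order JSSE uses by default:
    // the system property, then jssecacerts, then cacerts under java.home.
    static File resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File sec = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(sec, "jssecacerts");
        return jsse.exists() ? jsse : new File(sec, "cacerts");
    }
    // Fingerprint to compare by eye with `keytool -list -v` output.
    static String sha256(X509Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        File store = resolveTrustStore();
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        // "changeit" is the stock cacerts password; override with the usual property.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pass.toCharArray());
        }
        System.out.println("Trust store in effect: " + store.getAbsolutePath()
                + " (" + ks.size() + " entries)");
        if (args.length == 0) return;
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("SHA-256: " + sha256(cert));
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        String alias = ks.getCertificateAlias(cert);  // null when no entry matches
        if (alias != null) System.out.println("Trusted: present under alias '" + alias + "'");
        else System.out.println("NOT in this trust store"
                + (selfSigned ? "; self-signed, so this exact certificate must be imported" : ""));
    }
}
```

If the printed path is not the `cacerts` file the certificate was imported into, a start script or container image is pointing the JVM at a different trust store, which is the second case the answer describes.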
