[英]Java is 'unable to find valid certification', although TrustStore contains root certificate
I'm trying to send an HttpRequest to " https://api.ecs.echa.europa.eu " using我正在尝试使用 HttpRequest 向“ https://api.ecs.echa.europa.eu ”发送
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.ecs.echa.europa.eu"))
.GET()
.build();
HttpClient httpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build();
HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
Executing this code I get javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
执行此代码我得到
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Now I already found a solution to this problem by adding the certificate to my java truststore under $JAVA_HOME/jre/lib/security/cacerts
现在我已经通过将证书添加到
$JAVA_HOME/jre/lib/security/cacerts
下的 java truststore 找到了解决此问题的方法
What I still don't understand, is why this is necessary:我仍然不明白,这是为什么这是必要的:
The specific website ( https://api.ecs.echa.europa.eu ) uses the root certificate DigiCert Global Root CA , which is already contained in the java truststore.特定网站( https://api.ecs.echa.europa.eu )使用根证书DigiCert Global Root CA ,该证书已包含在 java 信任库中。 Why is that not enough?
为什么这还不够?
Sending requests to other websites that use this root certificate does work...向使用此根证书的其他网站发送请求确实有效...
Thanks for your help :)谢谢你的帮助 :)
The reason why this error happens (probably) is because of a misconfigured server.发生此错误的原因(可能)是因为服务器配置错误。 You can check here: https://whatsmychaincert.com/?api.ecs.echa.europa.eu
您可以在这里查看: https : //whatsmychaincert.com/?api.ecs.echa.europa.eu
This site will tell you if your server cert chain is properly configured, which doesn't seem so.该站点会告诉您您的服务器证书链是否已正确配置,但似乎并非如此。
Also, you are able generate the full cert chain on the same site using your public key.此外,您可以使用您的公钥在同一站点上生成完整的证书链。
Try to fix this and test again.尝试修复此问题并再次测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.