堆栈内存溢出
  简体   繁体   English

Maven 项目构建 wget jar 由于 SSLHandshakeException 使用 download-maven-plugin 下载失败:ValidatorException:PKIX 路径构建失败

[英]Maven project build wget jar download using download-maven-plugin failed due to SSLHandshakeException:ValidatorException:PKIX path building failed

 原文  2020-05-14 18:25:26       java/ maven/ jmx/ newrelic-platform

问题描述

I am trying to build NewRelic nrjmx project using maven.我正在尝试使用 maven 构建 NewRelic nrjmx 项目。 While building I am getting an error message:在构建时,我收到一条错误消息:

    main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    [WARNING] Could not get content
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException (Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal (SSLSocketImpl.java:1946)
...
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild (PKIXValidator.java:397)
...
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build (SunCertPathBuilder.java:141)
...

I am using download-maven-plugin for that.为此,我正在使用download-maven-plugin

           <plugin>
                <groupId>com.googlecode.maven-download-plugin</groupId>
                <artifactId>download-maven-plugin</artifactId>
                <version>1.6.0</version>
                <executions>
                    <execution>
                        <id>download-jmxterm</id>
                        <phase>process-resources</phase>
                        <goals>
                            <goal>wget</goal>
                        </goals>
                        <configuration>
                            <url>https://github.com/jiaqi/jmxterm/releases/download/v1.0.1/jmxterm-1.0.1-uber.jar</url>
                            <unpack>false</unpack>
                            <outputDirectory>${project.basedir}/bin</outputDirectory>
                            <outputFileName>jmxterm.jar</outputFileName>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

While trying to resolve the issue I imported a GitHub certificate to mavenRepoKeystore which is also explicitly specified in JVM parameters along with -Dhttps.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2 .在尝试解决该问题时,我将 GitHub 证书导入到mavenRepoKeystore ,该证书也在JVM参数以及-Dhttps.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2中明确指定。

This is all running on Windows 10 .这一切都在Windows 10上运行。 B/c I thought it could be a Windows problem I also imported GitHub certificate to Windows store as well utilizing mmc.exe . B/c 我认为这可能是Windows问题我还使用mmc.exe将 GitHub 证书导入Windows存储。

And last not least, I added -Djavax.net.debug=ssl:handshake:verbose JVM parameter and got the bellow [putting the most IMHO relevant part of it only and it's still too big]:最后同样重要的是,我添加了-Djavax.net.debug=ssl:handshake:verbose JVM 参数并得到了下面的[只放了与恕我直言最相关的部分,它仍然太大]:

***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: <string deleted due to space stakeoverflow space limits>
  public exponent: 65537
  Validity: [From: Mon May 04 20:00:00 EDT 2020,
               To: Tue May 10 08:00:00 EDT 2022]
  Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  SerialNumber: [    0557c80b 282683a1 7b0a1144 93296b79]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
<string deleted due to space stakeoverflow space limits>

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
, 
   accessMethod: caIssuers
   accessLocation: URIName: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 51 68 FF 90 AF 02 07 75   3C CC D9 65 64 62 A2 12  Qh.....u<..edb..
0010: B8 59 72 3B                                        .Yr;
]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/sha2-ha-server-g6.crl]
, DistributionPoint:
     [URIName: http://crl4.digicert.com/sha2-ha-server-g6.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: github.com
  DNSName: www.github.com
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 63 02 D2 5D 02 5F F7 8D   D5 5A 12 9E 76 11 36 96  c..]._...Z..v.6.
0010: 86 2C 8A 48                                        .,.H
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
  <string deleted due to space stakeoverflow space limits>

]
main, READ: TLSv1.2 Handshake, length = 333
check handshake state: server_key_exchange[12]
update handshake state: server_key_exchange[12]
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 112296508858380326870690677452737829048060531381886774137631438376204697373330
  public y coord: 12801830262323178422868437149828104712667535421417034366099358551680797824620
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
main, READ: TLSv1.2 Handshake, length = 4
check handshake state: server_hello_done[14]
update handshake state: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 145, 254, 200, 140, 177, 112, 135, 121, 15, 148, 254, 174, 65, 122, 88, 160, 142, 93, 207, 110, 29, 231, 60, 24, 66, 157, 230, 45, 249, 233, 231, 250, 73, 148, 60, 58, 208, 93, 185, 124, 237, 175, 244, 139, 129, 43, 83, 161, 82, 188, 12, 53, 44, 218, 71, 17, 235, 136, 153, 234, 84, 238, 75, 13 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 22 9E BD 05 55 E1 BD 1C   46 C9 63 C3 93 36 EA 2B  "...U...F.c..6.+
0010: 9C 8C A7 BB 71 8E 6F 78   BA 6A 2F 97 7B B4 0A 45  ....q.ox.j/....E
CONNECTION KEYGEN:
Client Nonce:
0000: 5E BD 82 D0 42 25 5B 4A   CE 91 ED F3 B9 D2 8E 96  ^...B%[J........
0010: 18 5C A2 FC D0 44 9B 80   20 2E F7 42 BB F6 99 9A  .\...D.. ..B....
Server Nonce:
0000: 97 7C A3 1D 5A 66 DA E8   D6 15 6E E7 15 C9 67 2B  ....Zf....n...g+
0010: 88 32 9C 07 6D 93 BB 2E   44 4F 57 4E 47 52 44 01  .2..m...DOWNGRD.
Master Secret:
0000: A9 53 88 20 5E 46 89 B6   8A 59 B6 11 FC 20 EF 27  .S. ^F...Y... .'
0010: A8 28 52 BC 9D 77 56 51   6A 7C E5 44 3C E3 56 40  .(R..wVQj..D<.V@
0020: A9 7A B5 EA E7 16 E4 6A   0D D4 62 BC 32 54 AA AB  .z.....j..b.2T..
... no MAC keys used for this cipher
Client write key:
0000: B0 E9 EA A7 30 CF F4 3B   55 83 85 EB 29 08 B0 4D  ....0..;U...)..M
Server write key:
0000: 92 A8 61 CF CA 14 E3 90   DC 9D B1 27 2B 2D 70 77  ..a........'+-pw
Client write IV:
0000: 3A 05 A7 14                                        :...
Server write IV:
0000: 36 56 D5 86                                        6V..
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 121, 53, 115, 17, 105, 60, 72, 138, 10, 32, 6, 190 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1.2 Handshake, length = 40
main, READ: TLSv1.2 Change Cipher Spec, length = 1
update handshake state: change_cipher_spec
upcoming handshake states: server finished[20]
main, READ: TLSv1.2 Handshake, length = 40
check handshake state: finished[20]
update handshake state: finished[20]
*** Finished
verify_data:  { 203, 226, 74, 104, 167, 159, 8, 209, 0, 221, 10, 209 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
main, WRITE: TLSv1.2 Application Data, length = 230
main, READ: TLSv1.2 Application Data, length = 1394
main, READ: TLSv1.2 Application Data, length = 1394
May 14, 2020 1:41:36 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies
WARNING: Invalid cookie header: "Set-Cookie: _octo=GH1.1.1524630517.1589478096; Path=/; Domain=github.com; Expires=Fri, 14 May 2021 17:41:36 GMT; Secure". Invalid 'expires' attribute: Fri, 14 May 2021 17:41:36 GMT
May 14, 2020 1:41:36 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies
WARNING: Invalid cookie header: "Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 14 May 2021 17:41:36 GMT; HttpOnly; Secure". Invalid 'expires' attribute: Fri, 14 May 2021 17:41:36 GMT
main, READ: TLSv1.2 Application Data, length = 532
main, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1572635088 bytes = { 253, 132, 157, 102, 61, 55, 115, 13, 207, 212, 137, 21, 117, 149, 228, 18, 254, 181, 156, 120, 235, 17, 138, 234, 79, 114, 171, 126 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=github-production-release-asset-2e65be.s3.amazonaws.com]
Extension renegotiation_info, renegotiated_connection: <empty>
***
main, WRITE: TLSv1.2 Handshake, length = 260
main, READ: TLSv1.2 Handshake, length = 91
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1682120714 bytes = { 220, 181, 160, 130, 53, 2, 124, 163, 112, 111, 54, 245, 190, 27, 92, 33, 151, 31, 160, 137, 254, 83, 67, 43, 251, 89, 161, 97 }
Session ID:  {70, 235, 36, 129, 156, 158, 235, 185, 172, 166, 214, 240, 165, 12, 80, 32, 116, 189, 245, 143, 47, 108, 56, 147, 91, 165, 181, 159, 36, 212, 150, 94}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed]
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
update handshake state: server_hello[2]
upcoming handshake states: server certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, READ: TLSv1.2 Handshake, length = 2900
check handshake state: certificate[11]
update handshake state: certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: <string deleted due to space stakeoverflow space limits>
  public exponent: 65537
  Validity: [From: Fri Nov 08 19:00:00 EST 2019,
               To: Fri Mar 12 07:00:00 EST 2021]
  Issuer: CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  SerialNumber: [    082df68e e9c69315 bebf7207 9b3810fd]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
<string deleted due to space stakeoverflow space limits>                                                .


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
, 
   accessMethod: caIssuers
   accessLocation: URIName: http://cacerts.digicert.com/DigiCertBaltimoreCA-2G2.crt
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 12 B2 28 74 68 46 67   E9 70 25 74 1A 00 45 5B  ...(thFg.p%t..E[
0010: 06 7D 5C 44                                        ..\D
]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl]
, DistributionPoint:
     [URIName: http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.s3.amazonaws.com
  DNSName: s3.amazonaws.com
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DD F2 26 00 64 B7 CA F7   5C A6 96 A6 D7 AC CB E1  ..&.d...\.......
0010: 27 15 0C 13                                        '...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
<string deleted due to space stakeoverflow space limits>

]
chain [1] = [
[
  Version: V3
  Subject: CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: <string deleted due to space stakeoverflow space limits>
  public exponent: 65537
  Validity: [From: Tue Dec 08 07:05:07 EST 2015,
               To: Sat May 10 08:00:00 EDT 2025]
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  SerialNumber: [    0182f809 8ea2e626 b91a3b27 841fb9af]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E5 9D 59 30 82 47 58 CC   AC FA 08 54 36 86 7B 3A  ..Y0.GX....T6..:
0010: B5 04 4D F0                                        ..M.
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/Omniroot2025.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 12 B2 28 74 68 46 67   E9 70 25 74 1A 00 45 5B  ...(thFg.p%t..E[
0010: 06 7D 5C 44                                        ..\D
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
<string deleted due to space stakeoverflow space limits>

]
***
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[WARNING] Could not get content
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any help or even relevant hint pushing me in the right direction will be very much appreciated.任何帮助甚至相关提示将我推向正确的方向将不胜感激。

Thanks in advance and looking forward to hearing from you.在此先感谢您,并期待收到您的来信。

1 个解决方案

解决方案1
 0  2020-05-15 03:43:13

I seem to solve my own problem.我似乎解决了我自己的问题。 First and foremost I have to give a credit to the old post here AWS Developer forum: No trusted certificate found.首先,我必须感谢 AWS 开发人员论坛上的旧帖子:未找到受信任的证书。 , it gave me a hint. ,它给了我一个提示。

Instead of using cacerts keystore from my Java distribution I decided to create my very own custom one in local Maven repository .m2 folder.我决定在本地 Maven 存储库.m2文件夹中创建我自己的自定义密钥库,而不是使用我的 Java 发行版中的cacerts密钥库。 Long story short - switching back to the original cacerts and importing there all the necessary certificates solved the issue.长话短说 - 切换回原来的cacerts并在那里导入所有必要的证书解决了这个问题。

Hopefully it may help someone in a future.希望它可以在将来对某人有所帮助。

Cheers!干杯! And happy coding to Y'all !祝大家编码愉快!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PKIX路径构建失败与Maven SSLHandshakeException - PKIX path building failed SSLHandshakeException with Maven Maven构建问题:PKIX路径构建失败 - Maven build issue: PKIX path building failed SSLHandshakeException:PKIX 路径构建失败 - SSLHandshakeException: PKIX path building failed 突发错误:ValidatorException: PKIX 路径构建失败 - Sudden error: ValidatorException: PKIX path building failed SSLHandshakeException:ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException: - SSLHandshakeException: ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX 路径构建失败 Flutter - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Flutter 解决 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed 错误? - Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error? javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径构建失败google recaptcha - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed google recaptcha Maven存储库sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException: - maven repository sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM