获取 aws com.amazonaws.SdkClientException 的 PKIX 路径构建失败
[英]Getting PKIX path build failure for aws com.amazonaws.SdkClientException
问题描述
While I am trying to upload an object to the S3 bucket from java using Eclipse.
虽然我正在尝试使用 Eclipse 从 java 将 object 上传到 S3 存储桶。 I am getting below exception我低于异常
com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target com.amazonaws.SdkClientException:无法执行 HTTP 请求:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
Please refer the link from which I have taken and execute the sample code请参考我从中获取的链接并执行示例代码
https://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html https://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html
Any help on this will be appriciated.对此的任何帮助将不胜感激。
2 个解决方案
解决方案1
1 2020-06-25 12:21:51
I'm having the same issue.我有同样的问题。 I seen on other posts (examples include forums.aws.amazon.com/thread.jspa?threadID=290003 and github.com/aws/aws-sdk-java/issues/1757 ), that adding JDKs CACERTS to the eclipse.ini file has worked.我在其他帖子中看到(示例包括forums.aws.amazon.com/thread.jspa?threadID=290003和github.com/aws/aws-sdk-java/issues/1757 ),将 JDK 的 CACERTS 添加到 Z6B7B655DD22FAA934F100677C512A8A8文件已经工作。 I have a Public S3 bucket and an IAM user with Admin rights, to ensure permissions were not causing this.我有一个公共 S3 存储桶和一个具有管理员权限的 IAM 用户,以确保权限不会导致此问题。
This is still an ongoing issue for me, but one of these may fix your issue uddeshya pratik这对我来说仍然是一个持续存在的问题,但其中之一可能会解决您的问题 uddeshya pratik
解决方案2
0 2022-06-20 18:17:36
I faced the same issue with Eclipse with AWS Java SDK 2 to execute the AWS Java SDK sample codes from AWS SDK documentation. I faced the same issue with Eclipse with AWS Java SDK 2 to execute the AWS Java SDK sample codes from AWS SDK documentation. Here are the things I found.这是我发现的东西。 Newer Java versions have Amazon Root CA already in JDK truststore.较新的 Java 版本已在 JDK 信任库中具有 Amazon Root CA。
After troubleshooting the Application with with Parameter -Djavax.net.debug=all , or -Djavax.net.debug=ssl by passing vmargs in Run configurations, it was throwing an exception from the Intermediate Root CA from ZScalar certificate.在使用参数-Djavax.net.debug=all或-Djavax.net.debug=ssl通过在运行配置中传递 vmargs 对应用程序进行故障排除后,它从 ZScalar 证书的中间根 CA 抛出异常。 JDK truststore does not have that Intermediate Root CA. JDK 信任库没有那个中间根 CA。
Then I went to ZScaler website to download their root, and intermediate CA from the URL.然后我去 ZScaler 网站从 URL 下载他们的根目录和中间 CA。 Here are the certificates that I downloaded.这是我下载的证书。 Add them to JDK truststore using the following command.使用以下命令将它们添加到 JDK 信任库。
I have added root as well intermediate CA certificates from ZScaler, and then Eclipse Java Application with AWS Java SDK worked well without giving any errors. I have added root as well intermediate CA certificates from ZScaler, and then Eclipse Java Application with AWS Java SDK worked well without giving any errors.
Summary is: Sometimes the problem is with Intermediate Root CAs that are not added to JDK trust store by default.总结是:有时问题出在默认情况下未添加到 JDK 信任库中的中间根 CA。
keytool -import -alias zscaler-int-ca1 -file zscaler-ca1.cer -keystore $JAVA_HOME/lib/jre/security/cacerts keytool -import -alias zscaler-int-ca1 -file zscaler-ca1.cer -keystore $JAVA_HOME/lib/jre/security/cacerts
keytool -import -alias zscaler-root-ca1 -file zscaler-ca2.cer -keystore $JAVA_HOME/lib/jre/security/cacerts keytool -import -alias zscaler-root-ca1 -file zscaler-ca2.cer -keystore $JAVA_HOME/lib/jre/security/cacerts
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.