stackoom
  简体   繁体   中英

PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested

 原文  2021-01-08 15:11:34       java/ java-8/ keystore

Question

I'm using eclipse and while trying to execute this function I'm getting below error.

I want to send a GET request along with certificate and key. I can download certificate in any format so that's not an issue. I know I need to add this to java keystone but after trying various suggestion I'm still not able to fix this.

   public String sendGET(String GET_URL, String authStringEnc) throws IOException {
            try {
                KeyStore ks = KeyStore.getInstance("JKS");
                FileInputStream fis = new FileInputStream("src/com/resources/ece-cyberark-cert.jks");
                ks.load(fis, "5<@7wBj[Ht()~GRf".toCharArray());
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                kmf.init(ks, "5<@7wBj[Ht()~GRf".toCharArray());
                SSLContext sc = SSLContext.getInstance("TLS");
                sc.init(kmf.getKeyManagers(), null, null);
                URL obj = new URL(GET_URL);
                HttpURLConnection con = (HttpURLConnection) obj.openConnection();
                if (con instanceof HttpsURLConnection) {
                    ((HttpsURLConnection)con)
                         .setSSLSocketFactory(sc.getSocketFactory());
                }
                con.setRequestMethod("GET");
                con.setRequestProperty("User-Agent", USER_AGENT);
                con.setRequestProperty("Authorization", "Basic " + authStringEnc);      
                con.setRequestProperty("Content-Type", "application/json");
                
                int responseCode = con.getResponseCode();
                System.out.println("GET Response Code :: " + responseCode + " :: " + GET_URL);
                if (responseCode == HttpURLConnection.HTTP_OK) { // success
                    BufferedReader in = new BufferedReader(new InputStreamReader(
                            con.getInputStream()));
                    String inputLine;
                    StringBuffer response = new StringBuffer();
    
                    while ((inputLine = in.readLine()) != null) {
                        response.append(inputLine);
                    }
                    in.close();
                    con.disconnect();
                    // print result
                    return response.toString();
                } else {
                    // return failed requests response code
                    return "GET request not worked :: GET Response Code :: " + responseCode + " ::  + GET_URL";
                }
            } catch (Exception e) {
                e.printStackTrace();
                return "Exceptionn";
            }
            
            
    
        }

Below is the error -

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

1 answers

solution1
 0  2021-04-16 22:14:54

Key managers are used to authenticate you, the HTTP client, to the HTTP server. But first, the trust managers are used to authenticate the server. If the server's certificate isn't trusted under the runtime's default "trust anchors", you'll need to provide the correct root certificate explicitly.

KeyStore trusted = ...; /* Initialize a trust store containing the non-standard CA. */
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(trusted);
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
...

If you don't intend to use TLS client authentication, you should remove all of the KeyManager related initialization.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target SSLHandshakeException: PKIX path building failed SunCertPathBuilderException: unable to find valid certification path to requested target javax.mail.MessagingException: PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target; PKIX building failed:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target? PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException JDK8 -> JDK10: PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target CXF:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Error in JavaMail : PKIX path building failed unable to find valid certification path to requested target
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM