stackoom
  简体   繁体   中英

CXF:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 原文  2022-01-04 08:05:47       java/ ssl/ cxf/ cxf-client

Question

I built a CXF client to invoke a SOAP web service. I imported the server's certificates into my cacerts trust store (I understand that CXF uses cacerts by default) and i used the following code to implement the call. However, the following error is generated:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

QName serviceQName = new QName("Namespace", "ServiceName");
String urlString = "https:endpoint?wsdl";
QName portQName = new QName("Namespace", "PortName");

service = Service.create(serviceQName);
service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING, urlString);
Dispatch<Source> sourceDispatch = service.createDispatch(portQName, Source.class, Service.Mode.PAYLOAD);
BindingProvider bindingProvider = sourceDispatch;
bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, urlString);
Source result = sourceDispatch.invoke(new StreamSource(exchange.getIn().getBody(InputStream.class)));

2 answers

solution1
 0  2022-01-04 08:20:02

You need to import certificates to the keystore. This answer is a common solution.

"PKIX path building failed" and "unable to find valid certification path to requested target"

Also try adding keystore and truststore paths and passwords to VM options.

-Djavax.net.ssl.keyStore=C:\...\keystore.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=C:\..\truststore.jks
-Djavax.net.ssl.trustStorePassword=password
-Djavax.net.ssl.type=JKS

solution2
 0  2022-01-04 15:50:35

The error was actually a CXF one and not a certificate one. Specifically, the Binding Provider actually ignores JAXWS properties and i had to pass the SSL context as shown below:

SSLContext sc = "your custom SSL Context"
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
tlsParams.setSSLSocketFactory(sc.getSocketFactory());

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PKIX building failed:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target? PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException GCP-PUBSUB:-sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException Error ' sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target' when using xmpp
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM