即使證書在瀏覽器中有效,Java 也無法驗證證書
[英]Java not able to validate certificate even if certificate valid in browser
問題描述
我有一個使用 java 調用的 GET API,並且我使用了 feign client 來調用這個 API。
當我調用這個 API 時,它給出了錯誤:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1323)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
當我在瀏覽器中點擊相同的 API 時,它工作正常。 瀏覽器不會顯示為不受信任的連接。
來自Firefox的證書信息:
我在 docker image openjdk:11-slim運行我的應用程序。
為什么即使證書有效,java也無法驗證證書?
1 個解決方案
解決方案1
1 已采納 2020-10-27 13:00:49
這可能是因為它們沒有添加到您的 cacerts -
您可以嘗試從下面的鏈接運行 installCerts,用於您嘗試從中下載證書或由於證書問題而不允許訪問的站點的 URL。
java --source 11 InstallCert.java
https://github.com/escline/InstallCert
如果它是自簽名證書,請在您的 DockerFile 中嘗試以下操作 -
FROM openjdk:11-jdk-slim
WORKDIR /opt/workdir/
#.crt file in the same folder as your Dockerfile
ARG CERT="certificate.crt"
#import cert into java
COPY $CERT /opt/workdir/
RUN keytool -importcert -file $CERT -alias $CERT -cacerts -storepass changeit -noprompt
如果你有 .cer 文件,你可以從瀏覽器導出。 將以下內容添加到您的 DockerFile。 所以所需的證書在 ssl 握手之前可用。 ——
ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates
Java和神秘的SSL證書問題,即使證書路徑有效
[英]Java and mysterious SSL certificate issue even though certification path is valid
Java插件和瀏覽器如何在Intranet中驗證applet的證書?
[英]How do Java plugin and browser validate applet's certificate in intranet?
在 Wildfly 17 中啟用 SSL:瀏覽器顯示證書無效
[英]Enabling SSL in Wildfly 17: Browser is showing certificate is not valid
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.