`

Java 信任所有SSL证书(解决PKIX path building failed问题)

    博客分类:
  • Java
 
阅读更多
Java在请求某些不受信任的https网站时会报:PKIX path building failed
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at SslTest.getRequest(SslTest.java:16)
	at SslTest.main(SslTest.java:40)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
	... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
	... 19 more


解决办法:

1、导入证书到本地证书库

2、信任所有SSL证书

最好的解决办法或许是信任所有SSL证书,因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法,在连接openConnection的时候忽略掉证书就行了。

SslUtils.ignoreSsl();


import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SslUtils {
	private static void trustAllHttpsCertificates() throws Exception {
		TrustManager[] trustAllCerts = new TrustManager[1];
		TrustManager tm = new miTM();
		trustAllCerts[0] = tm;
		SSLContext sc = SSLContext.getInstance("SSL");
		sc.init(null, trustAllCerts, null);
		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
	}
	static class miTM implements TrustManager,X509TrustManager {
		public X509Certificate[] getAcceptedIssuers() {
			return null;
		}
		public boolean isServerTrusted(X509Certificate[] certs) {
			return true;
		}
		public boolean isClientTrusted(X509Certificate[] certs) {
			return true;
		}
		public void checkServerTrusted(X509Certificate[] certs, String authType)
				throws CertificateException {
			return;
		}
		public void checkClientTrusted(X509Certificate[] certs, String authType)
				throws CertificateException {
			return;
		}
	}
	/**
	 * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
	 * @throws Exception
	 */
	public static void ignoreSsl() throws Exception{
		HostnameVerifier hv = new HostnameVerifier() {
			public boolean verify(String urlHostName, SSLSession session) {
				System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
				return true;
			}
		};
		trustAllHttpsCertificates();
		HttpsURLConnection.setDefaultHostnameVerifier(hv);
	}
}


URL u = new URL(url);
		if("https".equalsIgnoreCase(u.getProtocol())){
			SslUtils.ignoreSsl();
		}
		URLConnection conn = u.openConnection();
		conn.setConnectTimeout(timeOut);
		conn.setReadTimeout(timeOut);
		return IOUtils.toString(conn.getInputStream());
分享到:
评论

相关推荐

    解决PKIX path building failed的问题

    标题中的“解决PKIX path building failed的问题”是一个关于网络安全和证书验证的常见错误,通常出现在Java应用程序中。当一个程序尝试通过HTTPS连接到一个服务器时,如果Java的信任存储(Truststore)不包含服务器...

    SSL.7z,解决PKIX path building failed 的问题

    PKIX path building failed 的问题。解决本地环境中报错 PKIX path building failed 的问题。 其中有产生证书的代码,将运行产生的证书放在文档中指定位置即可

    PKIX path building failed解决java获取https的时遇到的证书问题

    ### PKIX Path Building Failed 解决Java获取HTTPS时遇到的证书问题 #### 一、问题概述 在使用Java程序访问HTTPS网站时,有时会遇到以下异常: ```plaintext javax.net.ssl.SSLHandshakeException: sun.security....

    验证证书unable to find valid certification path to requested target

    当在Java中使用URL.openConnection().connect()方法进行HTTPS请求时,如果遇到PKIX path building failed异常,通常意味着Java运行环境在验证服务器证书链时遇到了问题。具体错误信息sun.security.provider....

    InstallCert.java工具及使用方法.zip

    HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find ...

    关于IDEA2020.1新建项目maven PKIX 报错问题解决方法

    这个错误的主要原因是ValidatorException:PKIX path building failed : sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target。...

    java 发送https 请求 证书

    Java的TrustStore包含了系统信任的根证书,如果服务器的证书不在这个TrustStore中,Java会抛出“ sun.security.validator.ValidatorException: PKIX path building failed”这样的异常。以下是一些步骤来处理这个...

    https解决SSLHandshakeException问题.zip

    虽然上述方法可以解决问题,但在实际应用中,应优先考虑提高安全性,例如更新设备的SSL/TLS库、使用受信任的证书和现代加密套件。在测试和调试过程中,务必遵循最小权限原则,只在必要时放宽安全设置。

    PKIX_maven_archetype.rar

    3. 本地的Java信任存储中没有服务器的证书。 4. Maven的`settings.xml`或`settings-security.xml`配置有误。 为了解决这个问题,你可以尝试以下步骤: 1. 检查服务器的SSL配置,确保其拥有完整的证书链。 2. 更新...

    关于用javamail发送邮件时,由于邮件服务器要SSL,解决办法

    当邮件服务器需要自签名证书时,可能会出现“sun.security.validator.ValidatorException: PKIX path building failed”这样的错误。为了解决这个问题,我们可以使用`InstallCert.java`这个工具。这是一个简单的Java...

    InstallCert.zip

    "InstallCert.zip"这个文件和其描述"mvn PKIX path building failed: 进行中央库授权, unable to find valid certification path to requested target"揭示了一个常见的问题:在使用Maven进行构建时,由于缺少信任...

    gradle-trust-all:一个用于禁用 SSL 证书验证的 gradle 插件

    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 处理这种情况的常用 Java 方法是下载站点证书,将其导入...

    Trusted Path Debugger:用于 PKIX 路径构建的 Java 调试器失败错误-开源

    Java 中,在进行 HTTPS 连接时,人们通常会遇到以下异常堆栈跟踪: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath...

    Import gmail SMTP certificate to Websphere server

    nested exception is: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid...

Global site tag (gtag.js) - Google Analytics