PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce

今天一个sso项目把我折腾了半天，最终还是搞定了成功部署到linux环境上了.

 

遇到的错误如下：

javax.servlet.ServletException: Filtered request failed.

    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:384)

    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

    at java.lang.Thread.run(Thread.java:745)

Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)

    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)

    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)

    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)

    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)

    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)

    ... 24 more

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

解决方案：

原因是因为JDK的目录下没有导入证书. C:\Program Files\jdk1.7.0_64\jre\lib\security

直接通过dos的命令

 

导入到JDK安装目录证书:

keytool -import -keystore C:/"Program Files"/Java/jdk1.6.0_32/jre/lib/security/cacerts -file C:/common/keys/keycard.crt -alias mycacerts

 

或者

是把证书手动复制到此目录即可.