问题:
PKIX路径构建失败,但证书在cacerts中
劳昊明
我有一个问题,也是在这里描述的。我创建了一个证书并将其添加到tomcat的密钥库中,然后将其复制到Cacerts信任库中。然而,不知何故,我还是得到了这个错误。
我所做的:
1)keytool-genkey-alias cas-keyalg RSA-keystore cas.keystore-storePass changeit
keytool-list-v-keystore“C:\程序文件\java\jdk1.8.0_77\jre\lib\security\cacerts”-别名cas
...我明白了:
Keystore-Kennwort eingeben:
Aliasname: cas
Erstellungsdatum: 09.09.2016
Eintragstyp: trustedCertEntry
Eigentümer: CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx
Aussteller: CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx
Seriennummer: xxx
Gültig von: Fri Sep 09 10:40:55 CEST 2016 bis: Thu Dec 08 09:40:55 CET 2016
Zertifikat-Fingerprints:
MD5: ....
SHA1: ....
SHA256: ....
Signaturalgorithmusname: SHA256withRSA
Version: 3
Erweiterungen:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [...
]
]
有了这个:
Keystore-Kennwort eingeben:
Keystore-Typ: JKS
Keystore-Provider: SUN
Keystore enthält 1 Eintrag
Aliasname: cas
Erstellungsdatum: 09.09.2016
Eintragstyp: trustedCertEntry
Eigentümer: CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx
Aussteller: CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx
Seriennummer: ...
Gültig von: Fri Sep 09 10:40:55 CEST 2016 bis: Thu Dec 08 09:40:55 CET 2016
Zertifikat-Fingerprints:
MD5: ...
SHA1: ...
SHA256: ...
Signaturalgorithmusname: SHA256withRSA
Version: 3
Erweiterungen:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
]
]
HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
<Connector port="8743" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" keystoreFile="${catalina.base}/conf/portal.keystore" keystorePass="changeit"
secure="true" connectionTimeout="240000"
clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8309" protocol="AJP/1.3" redirectPort="8743" />
09-Sep-2016 12:05:30.146 SEVERE [http-bio-8743-exec-4] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [/cas-sample] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:279)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 33 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 39 more
共有1个答案
仲孙向明
您的连接器元素定义了一个密钥库。那是一个将查找私钥及其证书的地方。
您的异常涉及truststore,它是找到或找不到受信任CA证书的地方。
您需要通过配置或javax.net.ssl.truststore系统属性定义Tomcat使用的truststore。
类似资料:
-
我刚刚为我们的域名购买了一个新的通配符ssl证书,因为我们的旧证书即将到期。我已经将它安装在我们的cas服务器和应用服务器上,但是我在我们的应用服务器上得到以下堆栈跟踪: 两个服务器上的证书是相同的。
-
我使用PKIX路径构建失败程序面临这个问题,这是我尝试过的... > 我访问了我试图访问的目标URL 我单击“锁定”图标并导出证书。 我在命令下面跑... keytools-import cert-filesec.cer-store pass change eit-keystore"C:/Program Files/Java /jdk-11.0.2/jdk-11.0.2/lib/security/
-
Sun.Security.Validator.ValidatorException:PKIX路径生成失败:Sun.Security.Provider.CertPath.SunCertPathBuilderException:找不到请求目标的有效证书路径;嵌套异常为javax.net.ssl.sslHandShakeException:Sun.Security.Validator.Validator
-
我正在使用一个自定义的工件库来部署我的项目。当我在本地机器上工作时,这很好,但我已经启用了Gitlab的AutoDevOps功能,并将我的项目与Kubernetes集群集成。 kubernetes集群由rancher管理。 问题是在Gitlab上运行的构建失败并出现以下错误: 插件org.apache.maven。插件:maven resources插件:2.6或其一个依赖项无法解析:无法读取or
-
在将我的应用程序从Windows 2000移动到Windows 2008 R2服务器之后,我一直在努力让我的应用程序运行近一周。 程序如下: 已安装Java JDK 1.7.0_25 我试图用重复步骤3,以确保我没有搞砸任何事情。 上述方法并没有解决我的问题,所以我尝试以编程方式进行: 仍然没有任何运气。我被困住了,不太确定从这里往哪个方向走。 堆栈跟踪: 更新: 都是
-
问题内容: 我正在与一个名为CommWeb的商户帐户集成,并向其URL(https://migs.mastercard.com.au/vpcdps)发送一个SSL帖子。当我尝试发送帖子时,出现以下异常: 执行该帖子的代码(我没有写过,并且已经存在于我们的代码库中)是: 商户帐户集成的文档对证书一无所知。他们确实提供了一些似乎盲目接受证书的示例JSP代码: 我们的Web应用程序有一个密钥库,我尝试使