
How I resolved the java.security.cert.CertPathValidatorException

On Rocky 8.5, a program running on JDK 8 failed to connect to SQL Server 2012 on Windows. The environment is as follows:

[zcm@rocky microService]$ cat /etc/redhat-release
Rocky Linux release 8.5 (Green Obsidian)
[root@rocky security]# java -version
openjdk version "1.8.0_302"
OpenJDK Runtime Environment (build 1.8.0_302-b08)
OpenJDK 64-Bit Server VM (build 25.302-b08, mixed mode)

The error is as follows:

2023-12-17 16:10:44,813|INFO|org.quartz.core.QuartzScheduler|585|Scheduler quartzScheduler_$_NON_CLUSTERED paused.
2023-12-17 16:10:44,837|ERROR|com.alibaba.druid.pool.DruidDataSource|2787|create connection SQLException, url: jdbc:sqlserver://192.168.10.66:1433;databaseName=JTSZHManage;trustServerCertificate=true;Encrypt=true;, errorCode 0, state 08S01
com.microsoft.sqlserver.jdbc.SQLServerException: 驱动程序无法通过使用安全套接字层(SSL)加密与 SQL Server 建立安全连接。错误:“Certificates do not conform to algorithm constraints”。 ClientConnectionId:fffb7ce4-4898-4e9e-8abe-86f3750ff2dd
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2998) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1884) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2558) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2216) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2067) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1204) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:825) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:156) ~[druid-1.2.4.jar!/:1.2.4]
        at com.alibaba.druid.filter.stat.StatFilter.connection_connect(StatFilter.java:227) ~[druid-1.2.4.jar!/:1.2.4]
        at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:150) ~[druid-1.2.4.jar!/:1.2.4]
        at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1654) ~[druid-1.2.4.jar!/:1.2.4]
        at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1718) ~[druid-1.2.4.jar!/:1.2.4]
        at com.alibaba.druid.pool.DruidDataSource$CreateConnectionThread.run(DruidDataSource.java:2785) [druid-1.2.4.jar!/:1.2.4]
Caused by: javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:1.8.0_302]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_302]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_302]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[?:1.8.0_302]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[?:1.8.0_302]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:1.8.0_302]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[?:1.8.0_302]
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) ~[?:1.8.0_302]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435) ~[?:1.8.0_302]
        at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1802) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        ... 11 more
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1427) ~[?:1.8.0_302]
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1352) ~[?:1.8.0_302]
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1296) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[?:1.8.0_302]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[?:1.8.0_302]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:1.8.0_302]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[?:1.8.0_302]
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) ~[?:1.8.0_302]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435) ~[?:1.8.0_302]
        at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1802) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]
        ... 11 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: CN=SSL_Self_Signed_Fallback
        at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:893) ~[?:1.8.0_302]
        at sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:509) ~[?:1.8.0_302]
        at sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:252) ~[?:1.8.0_302]
        at sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:198) ~[?:1.8.0_302]
        at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:292) ~[?:1.8.0_302]
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1423) ~[?:1.8.0_302]
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1352) ~[?:1.8.0_302]
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1296) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[?:1.8.0_302]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[?:1.8.0_302]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[?:1.8.0_302]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:1.8.0_302]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[?:1.8.0_302]
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) ~[?:1.8.0_302]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300) ~[?:1.8.0_302]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435) ~[?:1.8.0_302]
        at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1802) ~[mssql-jdbc-8.2.0.jre8.jar!/:?]

First, the database connection configuration:

datasource:
  type: com.alibaba.druid.pool.DruidDataSource
  driverClassName: com.microsoft.sqlserver.jdbc.SQLServerDriver
  druid:
    master:
      url: jdbc:sqlserver://192.168.110.999:1433;databaseName=xxxx;trustServerCertificate=true;Encrypt=true;
      username: 111
      password: 111111

 

In the end, it was resolved with the following approach:

https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8

# update-crypto-policies --set LEGACY
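
Why the policy switch changes the outcome, as an added example that is not part of the original post: the exception above comes from the JDK's disabled-algorithm constraints rejecting a 1024-bit RSA key, and the script below reads the RSA key-size floor out of a java.security-style `jdk.certpath.disabledAlgorithms` line and tests a key size against it. The two sample policies are constructed (one with a 2048-bit floor, one with a 1023-bit floor), and the function names `rsa_floor` and `rsa_key_allowed` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. On RHEL 8-family systems the
# JDK's share of the system policy is generated at
# /etc/crypto-policies/back-ends/java.config; the two samples below are
# constructed stand-ins in the same java.security property format.
SAMPLE_STRICT='jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv3, RC4'
SAMPLE_RELAXED='jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1023
jdk.tls.disabledAlgorithms=DH keySize < 1023, SSLv3'

# rsa_floor PROPERTY  (policy text on stdin)
# Prints the smallest RSA key size the property still permits, or 0 when
# the property carries no "RSA keySize <" / "<=" constraint.
rsa_floor() {
    # Join backslash-continued lines first; java.security allows them.
    sed -e ':a' -e '/\\$/N; s/\\\n[[:space:]]*//; ta' |
    awk -v p="$1" '
        index($0, p "=") == 1 {
            n = split(substr($0, length(p) + 2), items, ",")
            for (i = 1; i <= n; i++) {
                s = items[i]
                if (s ~ /^[ \t]*RSA[ \t]+keySize[ \t]*<=?[ \t]*[0-9]+/) {
                    le = (s ~ /<=/)           # "<= N" disables N itself
                    sub(/^[^<]*<=?[ \t]*/, "", s)
                    print s + le
                    found = 1
                    exit
                }
            }
        }
        END { if (!found) print 0 }'
}

# rsa_key_allowed BITS PROPERTY  (policy text on stdin); status 0 = permitted
rsa_key_allowed() {
    floor=$(rsa_floor "$2")
    [ "$1" -ge "$floor" ]
}

# The certificate in the stack trace carries a 1024-bit RSA key.
for name in STRICT RELAXED; do
    eval "policy=\$SAMPLE_$name"
    if printf '%s\n' "$policy" | rsa_key_allowed 1024 jdk.certpath.disabledAlgorithms
    then echo "$name: 1024-bit RSA permitted"
    else echo "$name: 1024-bit RSA rejected"
    fi
done
```

On a RHEL 8-family host, `update-crypto-policies --show` prints the active policy. `--set LEGACY` applies to every application that follows the system-wide policy, not only this JDBC connection.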

  

 

posted on 清清飞扬