unable to find valid certification path to requested target
Error :
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution:
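import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Command-line helper that connects to a TLS server, prints the certificate
 * chain the server presented, and on request stores one of those certificates
 * in a trust store file named {@code jssecacerts} in the working directory.
 *
 * <p>Usage: {@code java InstallCert <host>[:port] [passphrase]}. The port
 * defaults to 443 and the trust store passphrase to {@code changeit}.
 *
 * <p>The chain is recorded before the default trust manager validates it, so
 * it is available even when validation fails. That also means the listed
 * certificates have not been authenticated by anything: whoever answered on
 * {@code host:port} chose them. Compare the printed fingerprint with a value
 * obtained from the server's owner over a separate channel before adding an
 * entry, because every client that later loads this trust store will accept
 * the added certificate.
 */
public class InstallCert {

    private static final int DEFAULT_PORT = 443;
    private static final String DEFAULT_PASSPHRASE = "changeit";
    private static final String LOCAL_STORE = "jssecacerts";
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Runs the tool.
     *
     * @param args {@code <host>[:port]} followed by an optional trust store
     *             passphrase
     * @throws Exception if the trust store cannot be read or written, or the
     *                   connection fails for a reason other than the TLS
     *                   handshake
     */
    public static void main(String[] args) throws Exception {
        // The host comes from the command line only. The previous version
        // overwrote args[0] with a fixed host name, which ignored the caller's
        // target and threw ArrayIndexOutOfBoundsException when no argument
        // was given.
        if (args.length != 1 && args.length != 2) {
            printUsage();
            return;
        }

        String[] hostAndPort = args[0].split(":");
        if (hostAndPort.length == 0 || hostAndPort.length > 2
                || hostAndPort[0].length() == 0) {
            printUsage();
            return;
        }
        String host = hostAndPort[0];
        int port = DEFAULT_PORT;
        if (hostAndPort.length == 2) {
            try {
                port = Integer.parseInt(hostAndPort[1]);
            } catch (NumberFormatException e) {
                port = -1; // rejected by the range check below
            }
        }
        if (port < 1 || port > 65535) {
            System.out.println("Invalid port in '" + args[0] + "'");
            printUsage();
            return;
        }
        char[] passphrase =
                ((args.length == 1) ? DEFAULT_PASSPHRASE : args[1]).toCharArray();

        File file = locateTrustStore();
        System.out.println("Loading KeyStore " + file + "...");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, passphrase);
        } finally {
            in.close();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager =
                (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            // Expected when the chain is not trusted yet; the chain was
            // captured by SavingTrustManager before validation failed.
            System.out.println();
            e.printStackTrace(System.out);
        } finally {
            socket.close();
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        printChain(chain);

        System.out.println(
                "Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        BufferedReader reader =
                new BufferedReader(new InputStreamReader(System.in));
        String line = reader.readLine();
        if (line == null) {
            // End of input: treat like 'q' instead of failing on null.
            System.out.println("KeyStore not changed");
            return;
        }
        line = line.trim();
        int k;
        try {
            // Empty input selects the first certificate, as the prompt says.
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        if (k < 0 || k >= chain.length) {
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        // Always written to the working directory, never back into the JRE.
        OutputStream out = new FileOutputStream(LOCAL_STORE);
        try {
            ks.store(out, passphrase);
        } finally {
            out.close();
        }

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore '" + LOCAL_STORE
                + "' using alias '" + alias + "'");
    }

    /** Prints the command-line synopsis. */
    private static void printUsage() {
        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
    }

    /**
     * Picks the trust store to start from: {@code jssecacerts} in the working
     * directory, else {@code jssecacerts} under
     * {@code ${java.home}/lib/security}, else {@code cacerts} in that directory.
     */
    private static File locateTrustStore() {
        File file = new File(LOCAL_STORE);
        if (!file.isFile()) {
            File dir = new File(
                    new File(System.getProperty("java.home"), "lib"), "security");
            file = new File(dir, LOCAL_STORE);
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }
        return file;
    }

    /**
     * Prints subject, issuer and fingerprints of every certificate in the
     * chain. SHA-256 is printed alongside the original SHA-1 and MD5 values;
     * prefer the SHA-256 value when comparing against a fingerprint obtained
     * out of band.
     */
    private static void printChain(X509Certificate[] chain)
            throws GeneralSecurityException {
        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            byte[] encoded = cert.getEncoded();
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println(" Issuer " + cert.getIssuerDN());
            System.out.println(" sha256 " + toHexString(sha256.digest(encoded)));
            System.out.println(" sha1 " + toHexString(sha1.digest(encoded)));
            System.out.println(" md5 " + toHexString(md5.digest(encoded)));
            System.out.println();
        }
    }

    /** Formats bytes as lowercase hex pairs, each followed by a space. */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /**
     * Trust manager that remembers the chain the server presented and then
     * defers the actual trust decision to the wrapped manager.
     */
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // Delegate instead of throwing: some JSSE versions appear to call
            // this during the handshake, and an UnsupportedOperationException
            // there aborts the run before the chain can be listed.
            return tm.getAcceptedIssuers();
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // This tool only acts as a TLS client.
            throw new UnsupportedOperationException();
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Record first so the chain survives a validation failure.
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }

}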
java InstallCert www.twitter.com Loading KeyStore /usr/java/jdk1.6.0_16/jre/lib/security/cacerts... Opening connection to www.twitter.com:443... Starting SSL handshake... javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) at InstallCert.main(InstallCert.java:63) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158) at 
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839) ... 7 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 13 more Server sent 2 certificate(s): 1 Subject CN=www.twitter.com, O=example.com, C=US Issuer CN=Certificate Shack, O=example.com, C=US sha1 2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7 md5 dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54 2 Subject CN=Certificate Shack, O=example.com, C=US Issuer CN=Certificate Shack, O=example.com, C=US sha1 fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6 md5 72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68 Enter certificate to add to trusted keystore or 'q' to quit: [1]
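(1) Type 1 and press Enter, after checking the listed fingerprint against one obtained from the server's owner; the tool then writes a trust store file named "jssecacerts" to the current directory.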
(2) Copy the "jssecacerts" file to the directory "$JAVA_HOME/jre/lib/security", or point the JVM at it in code: System.setProperty("javax.net.ssl.trustStore", "<path to your jssecacerts file>");
(3) Restart the web server so that the certificate takes effect.