由java派生出来的证书错误
未安装请求对应接口证书时的异常:> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
软件组的同事在进行软件升级时出现如上错误,查看其错误,初步判断其未安装java的jdk包和公司证书导致而成
解决方法:
安装jdk软件
1、下载linux的jdk版本
#mkdir /application && cd /application
# wget https://download.oracle.com/otn/java/jdk/11.0.5+10/e51269e04165492b90fa15af5b4eb1a5/jdk-11.0.5_linux-x64_bin.tar.gz?AuthParam=1571751391_d13df5b618e17c92b768f1f09a9ead41
2、安装jdk
这里下载的是tar.gz二进制版本,只需要解压就可以使用了
#mkdir -p /usr/local/java #建立java目录
#tar xf jdk-11.0.5_linux-x64.bin.tar.gz -C /usr/local/java
#把jdk解压到指定目录
#vim /etc/profile
JAVA_HOME=/usr/local/java/jdk-13.0.1;export JAVA_HOME
PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/lib
#source /etc/profile
3、上传公司证书和导入证书
#cd /usr/local/java && rz
上传公司的crt证书,我以我司的为例,导入server.crt
# keytool -import -alias server.crt -keystore cacerts -file /usr/local/java/server.crt -trustcacerts
#命令keytool就是导入证书的命令,其中第一个server.crt为现在证书的路径,我这里路径为/usr/local/java
#第二个server.crt为导入后的证书别名,我这里与原证书名一致
Enter keystore password: #这里提示输入口令,默认为changeit
Re-enter new password: #下面为公司的证书内容
Owner: CN=*.luxshare-ict.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: 1294f3aa047d0ab5dba26e74866f4e8c
Valid from: Wed Jul 19 08:00:00 CST 2017 until: Sat Oct 17 07:59:59 CST 2020
Certificate fingerprints:
MD5: 7E:BD:72:8C:B3:94:70:59:3A:CA:98:3E:1E:2B:98:86
SHA1: 66:AF:D3:22:7F:C5:5B:B4:DC:1B:24:C2:17:D5:40:C3:7F:94:CB:EE
SHA256: 04:4A:66:2D:CD:75:86:B8:E1:1F:D7:A6:3D:63:BF:6C:03:6F:AC:AC:45:57:32:F2:1C:C7:44:11:80:AC:10:ED
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp.comodoca.com
]
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 90 AF 6A 3A 94 5A 0B D8 90 EA 12 56 73 DF 43 B4 ..j:.Z.....Vs.C.
0010: 3A 28 DA E7 :(..
]
]
#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl]
]]
#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure
0010: 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53 .comodo.com/CPS
]] ]
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
]
#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
#7: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
#8: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.luxshare-ict.com
DNSName: luxshare-ict.com
]
#9: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 9B 0D 21 28 B7 E3 79 C5 2D 7F FB 84 00 CD 31 ...!(..y.-.....1
0010: 34 E5 70 D3 4.p.
]
]
Trust this certificate? [no]: y #这里提示是否信任此证书,默认输入y
Certificate was added to keystore
经过上面一步,则完成证书导入,但是否导入成功,可使用命令先测试一下,
#查看某个证书
#keytool -list -keystore cacerts |grep server #查看公司证书
Enter keystore password: changeit
server.crt, Nov 8, 2019, trustedCertEntry, #查看证书
后来与软件组同事沟通,发现可以正常使用了,至此java派来出来的证书问题解决了。特此记录一下,以方便日后查看
至于命令keytool的使用,可以使用man来查看,
基本上导入证书的话,使用keytool -import
查看证书的话,使用keytool -list
至于windows的导入证书那就简单了,可以参考百度,或跟我沟通,我给你。
