我的系统上运行着三个 tomcat,每个 tomcat 服务器部署一个单独的 war 文件。我正在尝试通过 https 在这些服务器之间进行通信。
我对所有三个服务使用了相同的证书,因为它们在同一台机器上。前两台服务器运行良好。
但是我最后一个 tomcat 服务器在服务器启动时抛出以下错误:
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:131)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:219)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:143)
at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:110)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
at com.sun.xml.ws.client.Stub.process(Stub.java:429)
at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:259)
at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:296)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
... 16 more
最佳答案
该错误表明您的证书不在 jdk/jre/lib/secusrity/cacerts 文件中,
按照以下步骤操作,希望对您有所帮助。
1.开火指令 keytool -list -v -keystore jdk/jre/lib/secusrity/cacerts > java_cacerts.txt
所有的cacerts证书都会导出到java_cacerts.txt文件中
2.查看 java_cacerts.txt。通过搜索匹配的序列号,查看它是否包含浏览器中存在的相同证书。在 java_cacerts.txt 文件中,序列号将是小写的并且没有“:”冒号字符。如果它不存在,那么这可能是错误的原因,我们可以通过添加在浏览器中找到的证书来解决这个问题。
3.返回浏览器,导出 Root CA。选择“X.509 Certificate (DER)”类型,所以导出的文件有一个der扩展名。
假设文件名为 example.der,为此证书选择别名“example”。接下来导入文件。
4.keytool -import -alias example -keystore jdk/jre/lib/secusrity/cacerts -file example.der
这个命令提示你输入密码,默认密码是changeit
5.再次转储内容以验证它包含您的新证书。重新启动 JVM。
6.同时检查cacerts文件中的证书是否与你的keystore文件匹配
关于java - HTTP 传输错误 : unable to find valid certification path to requested on tomcat,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49821749/