我们已经部署了一个 WSO2 API 管理器来公开系统的 API。当我们发布带有 https 目标端点的 API 时(例如:https://abc.d.e :),请求失败并出现以下异常。
TID: [-1234] [] [2017-06-26 06:46:43,226] ERROR {org.wso2.carbon.apimgt.hostobje
cts.APIProviderHostObject} - Error occurred while connecting to backend : https
://list-micro.aws.na.sysco.net:9090, reason : sun.security.validator.ValidatorEx
ception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBu
ilderException: unable to find valid certification path to requested target {org
.wso2.carbon.apimgt.hostobjects.APIProviderHostObject}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce
ption: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)最佳答案
Wso2/Carbon 使用 Java 8 .. 请记住,显然 SSL 客户端不能很好地削减 SNI。因此,如果您在 1 个 IP 地址上使用多个证书,这可能是问题所在:
http://javabreaks.blogspot.com/2015/12/java-ssl-handshake-with-server-name.html
关于validation - WSO2 API 管理器 "unable to find valid certification path to requested target {org .wso2.carbon.apimgt.hostobjects.APIProviderHostObject}",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44754711/