java - Fiddler java https - "unable to find valid certification path to requested target"

Tags: java intellij-idea https fiddler windows-server-2012-r2

I followed the instructions for setting up HTTPS traffic decryption in Fiddler for a Java client program, but I still get this error in IntelliJ:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at Program.main(Program.java:41)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
    ... 25 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 31 more

I also tried setting the properties in the program itself (instead of using VM options):

System.setProperty("http.proxyHost", "127.0.0.1");
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("http.proxyPort", "8888");
System.setProperty("https.proxyPort", "8888");
System.setProperty("javax.net.ssl.trustStore", "c:\\Users\\tcb\\IdeaProjects\\FiddlerKeystore");
System.setProperty("javax.net.ssl.trustStorePassword", "SomePassword");

Still the same error. Finally, I tried importing FiddlerRoot.cer into the JRE's cacerts store:

C:\windows\system32>"c:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe" -import -trustcacerts -alias Fiddler -file c:\users\tcb\Desktop\FiddlerRoot.cer -keystore "c:\Program Files\Java\jre7\lib\security\cacerts"

But I still get the "unable to find valid certification path to requested target" error.

What could be causing this error?

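Best answer

Which certificate generator are you using: makecert or certenroll? (See http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/)

The reason I ask is that certificates generated by makecert do not contain the AKI extension, and without it Java may fail to build the certificate chain correctly. This problem is resolved when certificates are generated by certenroll or the BouncyCastle certmaker plugin, both of which add the AKI extension to the generated certificates.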

Regarding java - Fiddler java https - "unable to find valid certification path to requested target", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/33616533/
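
An added diagnostic, not part of the original question or answer: it reports whether a certificate saved to a file (FiddlerRoot.cer or a Fiddler-generated site certificate) carries the Authority Key Identifier extension the answer refers to, and whether any entry in a given trust store actually signs it. The class name `ChainCheck` and the three command-line arguments are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example. Usage (argument order is this example's own convention):
//   java ChainCheck <certificate-file> <trust-store-file> <trust-store-password>
public class ChainCheck {
    static final String AKI_OID = "2.5.29.35"; // Authority Key Identifier extension
    public static void main(String[] args) throws Exception {
        if (args.length != 3)
            throw new IllegalArgumentException("usage: ChainCheck <cert> <truststore> <password>");
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            store.load(in, args[2].toCharArray());
        }
        // The default trust store is lib/security/cacerts under this directory, so an
        // import into a different JRE's cacerts has no effect on this runtime.
        System.out.println("java.home: " + System.getProperty("java.home"));
        System.out.println("subject  : " + cert.getSubjectX500Principal());
        System.out.println("issuer   : " + cert.getIssuerX500Principal());
        System.out.println("has AKI  : " + (cert.getExtensionValue(AKI_OID) != null));
        boolean anchored = false;
        for (String alias : Collections.list(store.aliases())) {
            Certificate entry = store.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) entry;
            // Only entries whose subject equals the certificate's issuer are candidates.
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            System.out.println("issuer name matches alias '" + alias + "'");
            try {
                cert.verify(ca.getPublicKey()); // throws if this key did not sign cert
                anchored = true;
                System.out.println("  signature verifies against this entry");
            } catch (GeneralSecurityException e) {
                System.out.println("  signature check failed: " + e.getMessage());
            }
        }
        if (!anchored) System.out.println("no entry in this trust store signs the certificate");
    }
}
```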
