出现错误:PKIX 路径构建失败:无法找到请求目标的有效证书路径
我正在尝试通过 Web 服务将 xml 发送到另一个系统.但是在尝试发送时,我收到以下错误.我已经安装了他们给我的证书.但它仍然无法正常工作.
I'm trying to send a xml to another system via web service. But while trying to send i'm getting the following error. I've installed the certificate they gave to me. but still its not working.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
推荐答案
这个错误有两种可能的来源:
There are two possible sources for this error:
- 对方正在使用真正不受信任的证书(自签名或由不受信任的 CA 签名),
- 或对方未发送证书验证链(例如,在通往您信任的 CA 的过程中存在中间签名证书,但 SSL 握手中不存在此证书).
第一种情况的解决方案是将不受信任的 CA(或证书本身)添加到您的 JRE 信任库 (${java.home}/lib/security/cacerts
) 或更好 - 创建您的自己的信任库(升级 Java 时不会被删除)并通过 javax.net.ssl.trustStore
JVM 属性.
Solution for the first case is to add the untrusted CA (or the ceriticate itself) to your JRE truststore (${java.home}/lib/security/cacerts
) or better - create your own truststore (which will not get removed when upgrading Java) and provide that to your application via javax.net.ssl.trustStore
JVM property.
第二种情况的解决方案是采用第一种情况的解决方案或更好 - 说服对方发送正确的证书链.
Solution for the second case is either to go with the first case solution or better - convince the opposite side to send correct certificate chain.
相关文章