连接到 URL 时出错 - PKIX 路径构建失败
我正在尝试连接到网页以收集信息,并且我正在使用 jsoup 来解析 HTML.但是,每当我尝试连接到 URL 以下载源代码时,都会收到一条错误消息,说明有关 PKIX 构建路径的信息.我环顾四周,发现的所有内容都说要将网站的 CA Root 证书添加到我的信任库中,我这样做了,但问题仍然存在(CA Root 证书已经存在).我可以通过网络浏览器连接到网站,但不能通过 URL 类.这是我可以编写的最基本的代码,它会产生错误.
公共类 URLConnectStart {公共静态无效主要(字符串[]参数){尝试 {URL u = 新 URL("https://ntst.umd.edu/soc/");u.openStream();} 捕捉(MalformedURLException e){e.printStackTrace();} 捕捉(IOException e){e.printStackTrace();}}}
这是错误
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径在 sun.security.ssl.Alerts.getSSLException(未知来源)在 sun.security.ssl.SSLSocketImpl.fatal(未知来源)在 sun.security.ssl.Handshaker.fatalSE(未知来源)在 sun.security.ssl.Handshaker.fatalSE(未知来源)在 sun.security.ssl.ClientHandshaker.serverCertificate(未知来源)在 sun.security.ssl.ClientHandshaker.processMessage(未知来源)在 sun.security.ssl.Handshaker.processLoop(未知来源)在 sun.security.ssl.Handshaker.process_record(未知来源)在 sun.security.ssl.SSLSocketImpl.readRecord(未知来源)在 sun.security.ssl.SSLSocketImpl.performInitialHandshake(未知来源)在 sun.security.ssl.SSLSocketImpl.startHandshake(未知来源)在 sun.security.ssl.SSLSocketImpl.startHandshake(未知来源)在 sun.net.www.protocol.https.HttpsClient.afterConnect(未知来源)在 sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(未知来源)在 sun.net.www.protocol.http.HttpURLConnection.getInputStream0(未知来源)在 sun.net.www.protocol.http.HttpURLConnection.getInputStream(未知来源)在 sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(未知来源)在 java.net.URL.openStream(未知来源)在 URLConnectStart.run(URLConnectStart.java:14)在 URLConnectStart.main(URLConnectStart.java:8)原因:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径在 sun.security.validator.PKIXValidator.doBuild(未知来源)在 sun.security.validator.PKIXValidator.engineValidate(未知来源)在 sun.security.validator.Validator.validate(未知来源)在 sun.security.ssl.X509TrustManagerImpl.validate(未知来源)在 sun.security.ssl.X509TrustManagerImpl.checkTrusted(未知来源)在 sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(未知来源)... 16 更多原因:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径在 sun.security.provider.certpath.SunCertPathBuilder.build(未知来源)在 sun.security.provider.certpath.SunCertPathBuilder.engineBuild(未知来源)在 java.security.cert.CertPathBuilder.build(未知来源)... 22 更多
来自 chrome 的有关网站证书的信息
任何帮助将不胜感激.这不是一个关键应用程序,因此安全性并不是那么重要,但如果我能保持安全性,我宁愿这样做.无论如何,我想做的就是通过代码下载这个网站的 HTML.
谢谢.
解决方案网站
如果您是站点管理员,解决此问题的正确方法是提供中间证书,以便发送完整的链.即使您是最终用户,也请考虑联系网站以解决此问题.由于此问题,使用 Android 浏览器的人也将无法访问此站点,除非接受安全警告.
与此同时,如果您想在您的客户端中解决此问题,您可以下载缺失的中级证书 和 将其添加到您的 Java 证书存储.
I am trying to connect to a webpage to gather information, and I am using jsoup to parse the HTML. However, whenever I try to connect to the URL to download the source, I get an error saying something about the PKIX build path. I've looked around, and everything I've found says to add the website's CA Root certificate to my truststore, which I did, but the problem persists (The CA Root cert was already there). I am able to connect to the website through a web browser, but not through a URL class. Here is the most basic code I could write which would produce the error.
public class URLConnectStart {
public static void main(String[] args) {
try {
URL u = new URL("https://ntst.umd.edu/soc/");
u.openStream();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
Here is the error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at URLConnectStart.run(URLConnectStart.java:14)
at URLConnectStart.main(URLConnectStart.java:8)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more
Info from chrome regarding the website's cert
Any help would be appreciated. This is not a critical application, so security is not all that important, but if I can maintain security I would rather do so. Regardless, all I want to be able to do is download the HTML for this website through code.
Thank you.
解决方案The website does not provide an intermediate certificate that is required to complete the certificate chain. Some user agents/ browsers have a functionality called AIA chasing where they download the necessary intermediates but the Java client isn't one of them.
If you are the site admin, the correct way to address this is to supply the intermediate certificate so that the complete chain is sent. Even if you are an end user, do consider contacting the website to fix this issue. Folks using the Android browsers will also be unable to access this site without accepting a security warning due to this issue.
In the meantime, if you'd like to address this in your client, you can download the missing intermediate cert and add it to your Java certificate store.
相关文章