我在运行以下代码的地方出现错误:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我尝试将证书添加到 JDK 的 CAcerts 密钥库,但错误没有任何变化。无论如何,他们是否要弄清楚它正在读取哪个密钥库?或者这个问题是别的什么?
public static void main(String args[]) throws Exception {
SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance();
SOAPConnection soapConnection = soapConnectionFactory.createConnection();
String url = "https://www.mywebservice.com/ws";
SOAPMessage soapResponse = soapConnection.call(createSOAPRequest(),url);
// print SOAP Response
System.out.print("Response SOAP Message:");
soapResponse.writeTo(System.out);
soapConnection.close();
}
谢谢您,我很乐意提供所需的任何其他详细信息。
您必须将服务器证书或根 CA 添加到 JDK 使用的信任库中。默认情况下使用
jre/lib/security/cacerts如果您已经导入了服务器证书,请确认您确实使用了正确的JDK,或者证书已成功导入。您可以使用 GUI 工具,例如 http://www.keystore-explorer.org/ 或使用 keytool
您还可以使用包含服务器证书的 JKS 文件来使用自己的信任库(推荐)。这样配置使用
System.setProperty ("javax.net.ssl.trustStore", path_to_your_trustore_jks_file);
System.setProperty ("javax.net.ssl.trustStorePassword", "password");
我尝试在我的工作计算机上安装新的 Eclipse 副本时遇到类似的异常。我点击了 Eclipse Installer 应用程序中的 INSTALL 按钮,它启动然后失败。
这是我在查看单击“安装”按钮后生成的错误日志后看到的异常链的摘要:
[2023-04-06 18:25:37] Executing bootstrap tasks
[2023-04-06 18:25:37] OpenJDK Runtime Environment 17.0.6+10
[2023-04-06 18:25:37] Product org.eclipse.products.epp.package.java.2023-03
[2023-04-06 18:25:37] Bundle org.eclipse.oomph.setup 1.26.0.v20230203-1538, build=5840, branch=232d5d6b465d15aa8cd333d7222eabc545dd1478
[2023-04-06 18:25:37] Bundle org.eclipse.oomph.setup.core 1.26.0.v20230204-0932, build=5840, branch=232d5d6b465d15aa8cd333d7222eabc545dd1478
[2023-04-06 18:25:37] Bundle org.eclipse.oomph.setup.p2 1.19.0.v20220607-1104, build=5840, branch=232d5d6b465d15aa8cd333d7222eabc545dd1478
[2023-04-06 18:25:37] Performing P2 Director (Eclipse IDE for Java Developers (2023-03))
...
[2023-04-06 18:25:37] Requirement org.eclipse.equinox.p2.iu:org.eclipse.wildwebdeveloper.xml.feature.feature.group
[2023-04-06 18:25:37] Requirement org.eclipse.equinox.p2.iu:org.eclipse.oomph.setup.feature.group
[2023-04-06 18:25:37] Repository https://download.eclipse.org/technology/epp/packages/2023-03/202303091200
[2023-04-06 18:25:37] Repository https://download.eclipse.org/releases/2023-03/202303151000
[2023-04-06 18:25:37] Repository https://download.eclipse.org/oomph/updates/milestone/latest
[2023-04-06 18:25:39] ERROR: org.eclipse.equinox.p2.transport.ecf code=1002 Unable to read repository at https://download.eclipse.org/technology/epp/packages/2023-03/202303091200/content.xml.
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.Validator.validate(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at
java.base/sun.security.validator.Validator.validate(Unknown Source)
如果您使用的是 Zscaler,请从浏览器下载 ZscalerRootCA.crt 证书并将其应用于您的 jdk 的 cacerts 文件。 以管理员权限打开 CMD,然后在你的 jdk 文件夹中运行
keytoolC:\Program Files\Java\jdk-20\lib\security>keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias ZscalerRootCA -file ZscalerRootCA.crt