我正在尝试使用 HttpClient 对象连接到网站。它适用于我们通常使用的网站(如谷歌)。但是有一个网站,当我尝试连接时,我的程序给出了这个错误..
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
....................
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
...............
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 27 more
当我尝试从浏览器访问此网址时,我必须单击仍然继续。否则浏览器将无法加载该页面。它会给出一个隐私错误,提示您的连接不是私有的。
我怎样才能在我的java应用程序中克服这个问题..?我希望我的软件能够连接该网址,没有任何错误或不要求任何确认。
TrustSelfSignedStrategy
方法当我使用 TrustSelfSignedStrategy 对象作为 HttpClient 的信任材料时,问题得到了解决。
httpClient = HttpClients.custom()
.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build()
)
).build();
TrustAllStrategy
方法如果上述方法不起作用,例如因为服务器提供的证书不是自签名证书,而是由于其他原因(例如主机名不匹配)而不受信任,那么这是一种更残酷的方法。 不要在生产中使用它,因为它会盲目信任所有证书。这通常仅对单元/集成测试和其他类似场景有用。
httpClient = HttpClients.custom()
.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
.loadTrustMaterial(null, new TrustAllStrategy())
.build()
)
).build();
对于 HttpClient4.x,以下将信任所有
public static HttpClientBuilder createTrustAllHttpClientBuilder() {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, (chain, authType) -> true);
SSLConnectionSocketFactory sslsf = new
SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
return HttpClients.custom().setSSLSocketFactory(sslsf);
}