Unable to find valid certification path to requested target

Question description  Votes: 0  Answers: 3

I am making a POST request with restTemplate, but I get the following error: unable to find valid certification path to requested target

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transformToListClass': Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

My method is as follows:

    public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
        try {
            ImageDescriptor descriptor = new ImageDescriptor();

            String myEUrl = "https://emploenefitsdev/rion/v1/rion/";
            String eURL = myEUrl.concat(Constant.F_SLASH).concat(templateName);

            log.info("payload" + payLoad);

            ResponseEntity<Resource> responseEntity = restTemplate.exchange(
                    eURL,
                    HttpMethod.POST,
                    niService.getStringHttpEntityWithPayload(payLoad),
                    Resource.class);
            log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
            descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());

            convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");

            log.info("file is:"+ convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));


            return descriptor;
        } catch (IOException e) {
            e.printStackTrace();
            log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
            throw new RuntimeException(e);
        }
    }
java spring spring-boot validation resttemplate
3 Answers

30 votes

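The request fails while the connection from the client to the server is being established. The cause of the failure is that the client cannot verify the server's identity/certificate. During the client-server handshake, the client needs the issuer/root certificate to verify the server's identity. Most root certificates issued by well-known trusted authorities ship with the JDK and live in a keystore file called cacerts.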
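Let's talk about your case. It probably falls into one of the following categories.

  • The server is using a certificate issued by a certificate authority whose root and intermediate certificates are not present in the JDK.
  • The server is using a certificate issued by an internal CA.
  • The server is using a self-signed certificate.

You need to add the root and intermediate certificates to the Java cacerts keystore.

One way to get the root and intermediate certificates is to visit the server's site in a browser. Click the padlock in the address bar and browse the certificate options. You need to export the root and intermediate certificates using the copy option and save the certificate files on your system.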

Go to the location of cacerts, e.g. C:\Program Files\Java\jdk1.8.0_121\jre\lib\security, and open a command prompt to run the following command.

    keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts

The default password is changeit.


0 votes

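If cacerts contains the root CA certificate but you still see the error, make sure your Java program is picking up the correct keystore. It may be picking up a keystore other than cacerts.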


0 votes

For those using OpenJDK, you can run the following command:

    sudo keytool -import -trustcacerts -keystore /opt/homebrew/Cellar/openjdk\@17/17.0.8/libexec/openjdk.jdk/Contents/Home/lib/security/cacerts -storepass {your store password if any} -noprompt -alias {any random name alias} -file {your path to certificate.cer}

Replace the JDK version above according to the version installed on your machine. If you want to change the default Java version, you can run /usr/libexec/java_home -v 17. Replace 17 with the desired version.

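To download the certificate for a URL, do the following:

  1. Open the URL in Chrome and click the lock button at the start of the address bar
  2. Click "Connection is secure"
  3. Then click "Certificate is valid"; a window pops up
  4. Go to the "Details" tab and click "Export", which will download the certificate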