I am making a POST request using restTemplate, but I get the following error: unable to find valid certification path to requested target
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transformToListClass': Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My method is as follows:
public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
    try {
        ImageDescriptor descriptor = new ImageDescriptor();
        String myUrl = "https://emploenefitsdev/rion/v1/rion/";
        String eURL = myUrl.concat(Constant.F_SLASH).concat(templateName);
        log.info("payload" + payLoad);
        ResponseEntity<Resource> responseEntity = restTemplate.exchange(
                eURL,
                HttpMethod.POST,
                niService.getStringHttpEntityWithPayload(payLoad),
                Resource.class);
        log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
        descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());
        convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");
        log.info("file is:" + convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));
        return descriptor;
    } catch (IOException e) {
        e.printStackTrace();
        log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
        throw new RuntimeException(e);
    }
}
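The request fails while the connection from the client to the server is being established. It fails because the client cannot verify the server's identity/certificate. During the client-server handshake, the client needs the issuer/root certificate to verify the server's identity. Most root certificates issued by well-known trusted authorities ship with the JDK and are present in a keystore file called cacerts.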
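Let's talk about your case. It probably falls into one of the following categories.
You need to add the root and intermediate certificates to the java cacerts keystore.
One way to get the root and intermediate certificates is to visit the server's site in a browser. Click the padlock in the URL bar and explore the certificate options. You need to export the root and intermediate certificates using the copy option and save the certificate files on your system.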
Go to the location where cacerts resides,
e.g.: C:\Program Files\Java\jdk1.8.0_121\jre\lib\security
and open a command prompt to execute the following command.
keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts
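The default password is changeit
If cacerts contains the root CA certificate but you still see the error, make sure your java program is picking the right keystore. It may be picking up a keystore other than cacerts.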
For those using OpenJDK, you can run the following command:
sudo keytool -import -trustcacerts -keystore /opt/homebrew/Cellar/openjdk\@17/17.0.8/libexec/openjdk.jdk/Contents/Home/lib/security/cacerts -storepass {your store password if any} -noprompt -alias {any random name alias} -file {your path to certificate.cer}
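Replace the JDK version above with the version installed on your machine. If you want to change the default java version, you can run
/usr/libexec/java_home -v 17
Replace 17 with the desired version.
To download the certificate for the URL, do the following: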