See keystore used by SSLFactory? Exception: “sun…certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

北慕城南 submitted on 2020-02-04 05:49:07

Question


Authorize.net updated their production certificates, and now our SSL code is generating the following exception:

Exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

According to this blog post from Authorize.net, we need to install new root certs on our server. We did this, but the exception persists. So now the suspicion is that new certs weren't installed to the right keystore. How do we see which keystore is being used by the code?

Here's the code below:

SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(addr,443);

And yes, we should use Stripe instead, but this site was built long before Stripe came around. :(


Answer 1:


The solution is to add that certificate to the Java cacerts file so that it is permanently accepted.

Step 1: Get the root certificate of https://www.wikipedia.org (or any URL you want to access)

  1. Open https://www.wikipedia.org in a Chrome browser.
  2. Locate the lock symbol just beside your address bar and click on it.
  3. View Details.
  4. Click on the topmost certificate in the hierarchy and confirm it is tailed with the phrase Root CA.
  5. Drag and drop that image, on which you saw "certificate" written, onto the desktop.

That's it! You've got your root certificate!

Step 2: Get that certificate added to the Java cacerts file.

  1. Use keytool.exe inside your JRE bin folder.
  2. Fire the following command to place your certificate inside the cacerts file:

keytool -import -noprompt -trustcacerts -alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit

That is it! You've got your problem resolved.

PLEASE NOTE

  1. Do confirm that the JRE which is giving you this PKIX error (the JRE used by KAFKA) is the one where you are performing Step 2. If you try with another JRE, the problem will remain as it is.

  2. Do use only one JRE, the one inside the JDK; it decreases the chance of having issues.
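
To answer the question's "which keystore is being used" directly, here is an added example (not part of the original question or answer; the class name ShowTrustStore is hypothetical) that applies the documented JSSE lookup order for the default trust store and then lists the CAs the default trust manager accepts. It assumes the application has not replaced the default SSLContext.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): reports the trust store that
// SSLSocketFactory.getDefault() relies on in THIS JVM and lists its trusted CAs.
public class ShowTrustStore {

    // Mirrors the documented JSSE lookup order for the default trust store:
    // system property, then jssecacerts, then cacerts under java.home.
    static File resolveDefaultTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return new File(override);
        }
        File securityDir = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(securityDir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home   : " + System.getProperty("java.home"));
        File store = resolveDefaultTrustStore();
        System.out.println("trust store : " + store.getAbsolutePath()
                + (store.exists() ? "" : "  (MISSING)"));

        // A null KeyStore tells the factory to load the default trust store,
        // which is what the default SSLSocketFactory validates server chains against.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        // Optional filter: print only CA subjects containing args[0].
        String needle = args.length > 0 ? args[0].toLowerCase() : "";
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) {
                continue;
            }
            X509Certificate[] roots = ((X509TrustManager) tm).getAcceptedIssuers();
            System.out.println("trusted CAs : " + roots.length);
            for (X509Certificate ca : roots) {
                String subject = ca.getSubjectX500Principal().getName();
                if (subject.toLowerCase().contains(needle)) {
                    System.out.println("  " + subject + "  expires " + ca.getNotAfter());
                }
            }
        }
    }
}
```

Run it with the same java binary and the same -D options as the failing application; if the newly imported root does not appear in the list, the import went into a different JRE's cacerts.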



Source: https://stackoverflow.com/questions/30519751/see-keystore-used-by-sslfactory-exception-sun-certpath-suncertpathbuildere
