我正在尝试使用twitter4j库为我的java项目发送推文.在我第一次运行时,我收到了关于证书sun.security.validator.ValidatorException
和错误的错误sun.security.provider.certpath.SunCertPathBuilderException
.然后我添加了twitter证书:
C:\Program Files\Java\jdk1.7.0_45\jre\lib\security>keytool -importcert -trustcacerts -file PathToCert -alias ca_alias -keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"
但没有成功.这是获得twitters的过程:
public static void main(String[] args) throws TwitterException { ConfigurationBuilder cb = new ConfigurationBuilder(); cb.setDebugEnabled(true) .setOAuthConsumerKey("myConsumerKey") .setOAuthConsumerSecret("myConsumerSecret") .setOAuthAccessToken("myAccessToken") .setOAuthAccessTokenSecret("myAccessTokenSecret"); TwitterFactory tf = new TwitterFactory(cb.build()); Twitter twitter = tf.getInstance(); try { Query query = new Query("iphone"); QueryResult result; result = twitter.search(query); System.out.println("Total amount of tweets: " + result.getTweets().size()); Listtweets = result.getTweets(); for (Status tweet : tweets) { System.out.println("@" + tweet.getUser().getScreenName() + " : " + tweet.getText()); } } catch (TwitterException te) { te.printStackTrace(); System.out.println("Failed to search tweets: " + te.getMessage()); }
这是错误:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Relevant discussions can be found on the Internet at: http://www.google.co.jp/search?q=d35baff5 or http://www.google.co.jp/search?q=1446302e TwitterException{exceptionCode=[d35baff5-1446302e 43208640-747fd158 43208640-747fd158 43208640-747fd158], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.5} at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177) at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61) at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:81) at twitter4j.TwitterImpl.get(TwitterImpl.java:1929) at twitter4j.TwitterImpl.search(TwitterImpl.java:306) at jku.cc.servlets.TweetsAnalyzer.main(TweetsAnalyzer.java:38) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source) at twitter4j.internal.http.HttpResponseImpl.(HttpResponseImpl.java:34) at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:141) ... 5 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 20 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 26 more Failed to search tweets: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
MagGGG.. 465
转到firefox浏览器中的URL,单击HTTPS证书链(URL地址旁边).点击"more info" > "security" > "show certificate" > "details" > "export.."
.选择名称并选择文件类型example.cer.现在你有了keystore的文件,你必须将它添加到你的JVM
确定cacerts文件的位置,例如.
C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts.
接下来,example.cer
在命令行中将文件导入cacerts:
keytool -import -alias example -keystore C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts -file example.cer
系统会要求您输入默认密码 changeit
重新启动JVM/PC.
来源:http: //magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html
转到firefox浏览器中的URL,单击HTTPS证书链(URL地址旁边).点击"more info" > "security" > "show certificate" > "details" > "export.."
.选择名称并选择文件类型example.cer.现在你有了keystore的文件,你必须将它添加到你的JVM
确定cacerts文件的位置,例如.
C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts.
接下来,example.cer
在命令行中将文件导入cacerts:
keytool -import -alias example -keystore C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts -file example.cer
系统会要求您输入默认密码 changeit
重新启动JVM/PC.
来源:http: //magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html
经过几个小时尝试构建证书文件以使我的Java 6安装与新的twitter证书一起使用后,我终于偶然发现了一个非常简单的解决方案,其中包含一个留言板中的注释.只需从Java 7安装中复制cacerts文件并覆盖Java 6安装中的文件.可能最好先备份cacerts文件,但是你只需要复制新的文件和BOOM!它只是工作.
请注意,我实际上将Windows cacerts文件复制到Linux安装上,它运行得很好.
该文件位于jre/lib/security/cacerts
新旧Java jdk安装中.
希望这可以拯救别人几个小时的恶化.
我偶然发现了这个需要花费数小时研究才能修复的问题,特别是使用自动生成的证书,这与官方证书不同,它们非常棘手,而Java并不那么喜欢它们.
请检查以下链接:解决Java证书问题
基本上,您必须将证书从服务器添加到Java Home证书.
生成或获取证书并配置Tomcat以在Servers.xml中使用它
下载类的Java源代码InstallCert
并在服务器运行时执行它,提供以下参数server[:port]
.不需要密码,因为原始密码适用于Java证书("changeit").
程序将连接到服务器,Java将抛出异常,它将分析服务器提供的证书,并允许您jssecerts
在执行程序的目录中创建文件(如果从Eclipse执行,请确保配置工作目录中Run -> Configurations
).
手动将该文件复制到 $JAVA_HOME/jre/lib/security
执行这些步骤后,与证书的连接将不再在Java中生成异常.
以下源代码很重要,它从(Sun)Oracle博客中消失了,我发现它唯一的页面是在提供的链接上,因此我将其附在答案中以供参考.
/* * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * - Neither the name of Sun Microsystems nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /** * Originally from: * http://blogs.sun.com/andreas/resource/InstallCert.java * Use: * java InstallCert hostname * Example: *% java InstallCert ecc.fedora.redhat.com */ import javax.net.ssl.*; import java.io.*; import java.security.KeyStore; import java.security.MessageDigest; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * Class used to add the server's certificate to the KeyStore * with your trusted certificates. */ public class InstallCert { public static void main(String[] args) throws Exception { String host; int port; char[] passphrase; if ((args.length == 1) || (args.length == 2)) { String[] c = args[0].split(":"); host = c[0]; port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); String p = (args.length == 1) ? "changeit" : args[1]; passphrase = p.toCharArray(); } else { System.out.println("Usage: java InstallCert [:port] [passphrase]"); return; } File file = new File("jssecacerts"); if (file.isFile() == false) { char SEP = File.separatorChar; File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); file = new File(dir, "jssecacerts"); if (file.isFile() == false) { file = new File(dir, "cacerts"); } } System.out.println("Loading KeyStore " + file + "..."); InputStream in = new FileInputStream(file); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(in, passphrase); in.close(); SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[]{tm}, null); SSLSocketFactory factory = context.getSocketFactory(); System.out.println("Opening connection to " + host + ":" + port + "..."); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(10000); try { System.out.println("Starting SSL handshake..."); socket.startHandshake(); socket.close(); System.out.println(); System.out.println("No errors, certificate is already trusted"); } catch (SSLException e) { System.out.println(); e.printStackTrace(System.out); } X509Certificate[] chain = tm.chain; if (chain == null) { System.out.println("Could not obtain server certificate chain"); return; } BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); System.out.println(); System.out.println("Server sent " + chain.length + " certificate(s):"); System.out.println(); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; System.out.println (" " + (i + 1) + " Subject " + cert.getSubjectDN()); System.out.println(" Issuer " + cert.getIssuerDN()); sha1.update(cert.getEncoded()); System.out.println(" sha1 " + toHexString(sha1.digest())); md5.update(cert.getEncoded()); System.out.println(" md5 " + toHexString(md5.digest())); System.out.println(); } System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); String line = reader.readLine().trim(); int k; try { k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; } catch (NumberFormatException e) { System.out.println("KeyStore not changed"); return; } X509Certificate cert = chain[k]; String alias = host + "-" + (k + 1); ks.setCertificateEntry(alias, cert); OutputStream out = new FileOutputStream("jssecacerts"); ks.store(out, passphrase); out.close(); System.out.println(); System.out.println(cert); System.out.println(); System.out.println ("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'"); } private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); private static String toHexString(byte[] bytes) { StringBuilder sb = new StringBuilder(bytes.length * 3); for (int b : bytes) { b &= 0xff; sb.append(HEXDIGITS[b >> 4]); sb.append(HEXDIGITS[b & 15]); sb.append(' '); } return sb.toString(); } private static class SavingTrustManager implements X509TrustManager { private final X509TrustManager tm; private X509Certificate[] chain; SavingTrustManager(X509TrustManager tm) { this.tm = tm; } public X509Certificate[] getAcceptedIssuers() { throw new UnsupportedOperationException(); } public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { throw new UnsupportedOperationException(); } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { this.chain = chain; tm.checkServerTrusted(chain, authType); } } }
我的UI方法:
下载http://www.keystore-explorer.org/
打开$ JAVA_HOME/jre/lib/security/cacerts
输入PW:changeit(可以在Mac上更改)
导入.crt文件
CMD线:
keytool -importcert -file jetty.crt -alias jetty -keystore $ JAVA_HOME/jre/lib/security/cacerts
输入PW:changeit(可以在Mac上更改)
尝试载入目标网址的浏览器,并查看该网站的证书(通常是通过与锁标志的图标进行访问.这是在浏览器的地址栏的左侧或右侧),不管是过期或其他原因不信任.
新版本通常附带更新的可信证书集.
如果可能的话,卸载旧版本.这将使错误配置错误显而易见.
检查JAVA_HOME环境变量指向的位置.
检查用于运行程序的java版本.在IntelliJ检查中:
文件 - >项目结构... - >项目设置 - >项目 - >项目SDK:
文件 - >项目结构... - >平台设置 - > SDK
如果你的JDK比最新可用的其他下发展-尝试更换%JAVA_HOME%/jre/lib/security/cacerts
与安装最新版本的JRE新一(做一个备份副本)文件作为@杰里米-古德尔在他的建议答复
如果以上没有解决您的问题,请使用keytool
将证书保存到Java的密钥库:
keytool -trustcacerts -keystore "%JAVA_HOME%jre\lib\security\cacerts" -storepass changeit -importcert -alias <alias_name> -file <path_to_crt_file>
带有证书的文件可以从@MagGGG在他的回答中建议的浏览器中获得.
注意1:您可能需要对链中的每个证书重复此操作,以获取您站点的证书.从根目录开始.
注2:<alias_name>
商店中的键应该是唯一的,否则keytool
会显示错误.
要获取商店中所有证书的列表,您可以运行:
keytool -list -trustcacerts -keystore "%JAVA_HOME%jre\lib\security\cacerts" -storepass changeit
如果出现问题,这将有助于您从商店中删除证书:
keytool -delete -alias <alias_name> -keystore "%JAVA_HOME%jre\lib\security\cacerts" -storepass changeit
之所以会出现上述错误,是因为JDK与许多受信任的证书颁发机构(CA)证书捆绑在一起,称为“ cacerts”文件,但是此文件不包含我们的自签名证书。换句话说,cacerts文件没有导入我们的自签名证书,因此不会将其视为受信任的实体,因此会出现上述错误。
如何解决以上错误
要解决以上错误,我们需要将自签名证书导入cacerts文件。
首先,找到cacerts文件。我们将需要找出JDK的位置。如果通过Eclipse或IntelliJ Idea等IDE之一运行应用程序,请转到项目设置并找出JDK的位置。例如,在Mac OS上,cacerts文件的典型位置将位于Windows计算机上的/ Library / Java / JavaVirtualMachines / {{JDK_version}} / Contents / Home / jre / lib / security处,该位置位于{{Installation_directory} } / {{JDK_version}} / jre / lib / security
找到cacerts文件后,现在我们需要将自签名证书导入此cacerts文件。如果您不知道如何正确生成自签名证书,请查看上一篇文章。
如果您没有证书文件(.crt),而只有.jks文件,则可以使用以下命令生成.crt文件。如果您已经有一个.crt / .pem文件,则可以忽略以下命令
##从密钥库(.jks文件)生成证书####
keytool -export -keystore keystore.jks -alias selfsigned -file selfsigned.crt
上面的步骤将生成一个名为selfsigned.crt的文件。现在将证书导入到cacerts
现在将证书添加到JRE / lib / security / cacerts(trustore)keytool -importcert -file selfsigned.crt -alias selfsigned -keystore {{cacerts path}}
例如
keytool -importcert -file selfsigned.nextgen.crt -alias selfsigned.nextgen -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/security/cacerts
就是这样,重新启动您的应用程序,它应该可以正常工作。如果仍然无法正常工作,请获取SSL握手异常。这可能意味着您使用的是不同于证书中注册的域。
详细说明和逐步解决方法的链接已在此处结束。
问题背景:
当我尝试在我的项目中并通过Netbeans IDE clean and build选项运行mvn clean install时,出现以下错误。此问题归因于当我们通过NET bean IDE /通过命令提示符下载但无法通过浏览器下载文件时,证书不可用。
错误:
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact com.java.project:product:jar:1.0.32 from/to repo-local (https://url/local-repo): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
解析度:
1.下载相关网址的证书:
通过“以管理员身份运行”启动IE(否则,我们将无法下载证书)
在IE-> https:// url / local-repo中输入网址
(在我的情况下,该网址具有不受信任的证书
通过单击证书错误->查看证书下载证书
选择详细信息选项卡->复制到文件->下一步->选择“ DER编码的二进制X.509(.CER)
将证书保存在某个位置,例如:c:/user/sheldon/desktop/product.cer
恭喜!您已经成功下载了该站点的证书
2.现在安装密钥库以解决此问题。
运行keytool命令将下载的密钥库附加到现有证书文件中。
命令:在jdk(JAVA_HOME)的bin文件夹中的命令下方。
C:\ Program Files \ Java \ jdk1.8.0_141 \ jre \ bin> keytool -importcert-文件“ C:/user/sheldon/desktop/product.cer”-别名产品-keystore“ C:/ Program Files / Java / jdk1.8.0_141 / jre / lib / security / cacerts”。
系统将提示您输入密码。输入密钥库密码:再次输入“ changeit”作为“信任此证书?[否]:”,输入“是”
样例命令行命令/输出:
keytool -importcert -file "C:/Users/sheldon/Desktop/product.cer" -alias product -keystore "C:/Program iles/Java/jdk1.8.0_141/jre/lib/security/cacerts" Enter keystore password: Trust this certificate? [no]: yes Certificate was added to keystore
恭喜!现在您应该摆脱了Netbeans IDE中的“ PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException”错误。
-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
它用于跳转证书验证。
我想为smtp.gmail.com导入证书
只有解决方案适用于我1.输入命令查看此证书
D:\ openssl\bin\openssl.exe s_client -connect smtp.gmail.com:465
将"----- BEGIN CERTIFICATE -----"和"----- END CERTIFICATE -----"之间的行复制并保存到文件gmail.cer中
跑
keytool -import -alias smtp.gmail.com -keystore"%JAVA_HOME%/ jre/lib/security/cacerts"-file C:\ Users\Admin\Desktop\gmail.cer
输入密码chageit
单击"是"以导入证书
重启java
现在运行命令,你很高兴
当我的系统上存在JDK和JRE 1.8.0_112时,情况略有不同.
我[JDK_FOLDER]\jre\lib\security\cacerts
使用已知的命令导入了新的CA证书:
keytool -import -trustcacerts -keystore cacerts -alias <new_ca_alias> -file <path_to_ca_cert_file>
尽管如此,我仍然保持相同的PKIX路径构建失败错误.
我通过使用将调试信息添加到java CLI java -Djavax.net.debug=all ... > debug.log
.在debug.log文件中,以trustStore开头的行是:实际指向找到的cacerts商店[JRE_FOLDER]\lib\security\cacerts
.
在我的情况下,解决方案是将JDK(添加了新CA)使用的cacerts文件复制到JRE使用的文件上并修复了问题.