使用Apache Commons HttpClient 3.1连接到Java中的安全服务器抛出ValidatorException
-
06-07-2019 - |
题
我正在尝试使用 Apache Commons HttpClient 3.1
连接到安全服务器。
问题是每次应用程序连接时抛出一个
sun.security.validator.ValidatorException。
以下是 stacktrace :
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:PKIX路径验证 失败:java.security.cert.CertPathValidatorException:subject / issuer 名称链检查失败javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:PKIX路径验证 失败:java.security.cert.CertPathValidatorException:subject / issuer 名称链检查失败 在com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611) 在com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) 在com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) 在com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124) 在com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) 在com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) 在com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) 在java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) 在java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) 在org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506) 在org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) 在org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) 在org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) 在org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 在org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 在org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) at balanceschecker.connector.Connector.conn(Connector.java:27) at balanceschecker.connector.Connector.RawPost(Connector.java:99) at balanceschecker.connector.Connector.Post(Connector.java:111) at balanceschecker.login.Login.Login(Login.java:87) at balanceschecker.Main.main(Main.java:21)引起:sun.security.validator.ValidatorException:PKIX路径验证 失败:java.security.cert.CertPathValidatorException:subject / issuer 名称链检查失败 at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:158) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) 在com.sun.net.ssl.internal.ssl。
解决方案
此错误表示无法验证证书链。可能的原因是,
- 您的JRE不信任根CA.
- 证书由中间证书签名,但服务器不随证书一起发送。 醇>
以下是获取根证书列表的方法,
keytool -list -keystore $JAVA_HOME/lib/security/cacerts -v
我不知道任何Java方法来检查是否发送了中间证书。我使用openssl,
openssl s_client -host example.com -port 443
将显示服务器发送的所有证书。注意“证书链”。