转自:https://blog.csdn.net/jiang1986829/article/details/50955359/

背景:最近在配置Jenkins的邮件发送功能时,正确设置好各参数后,在进行通过发送测试邮件测试配置时,总是出现unable to find valid certification path to requested target的错误,自己在网上也查找了很多资料,但网上涉及Jenkins邮箱的配置资料基本上是qq、163邮箱等,总之该问题困扰了自己很久,现将解决方案给出,希望对后续的其他人有较好的帮助。

在刚开始的时候,

尝试了下载任意网页ssl协议的证书 比如说百度和火狐认证的证书添加至秘钥库中,仍然不行,觉得应该要针对性的去添加证书

,发现自己解决问题的思路有点问题,那么就改变自己的解决思路,先还是按照网上已公开的资料,重新设置了邮箱,然后看出错的提示信息,从提示信息中,发现问题可能出现在访问时的SSH证书,想到这,自己通过浏览器访问公司邮箱的服务器,发现公司邮箱的请求是由https协议实现的,因此自己就朝这个方向去寻找解决方案,总算有点头绪了,给自己一点鼓励。

有了头绪后,自己很快在网上找到了解决该问题的方案,原来该问题的主要原因是因为服务器端的证书在客户端没有被认证,因此解决该问题,只需要将服务器端的证书导入到java keystore中,具体的操作步骤如下: 
1、得到InstallCert.java程序,该程序主要是获取SSH的安全证书,也可以将以下代码直接复制,保存为InstallCert.java:

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;  import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;  public class InstallCert {  public static void main(String[] args) throws Exception {  String host;  int port;  char[] passphrase;  if ((args.length == 1) || (args.length == 2)) {  String[] c = args[0].split(":");  host = c[0];  port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);  String p = (args.length == 1) ? "changeit" : args[1];  passphrase = p.toCharArray();  } else {  System.out  .println("Usage: java InstallCert <host>[:port] [passphrase]");  return;  }  File file = new File("jssecacerts");  if (file.isFile() == false) {  char SEP = File.separatorChar;  File dir = new File(System.getProperty("java.home") + SEP + "lib"  + SEP + "security");  file = new File(dir, "jssecacerts");  if (file.isFile() == false) {  file = new File(dir, "cacerts");  }  }  System.out.println("Loading KeyStore " + file + "...");  InputStream in = new FileInputStream(file);  KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());  ks.load(in, passphrase);  in.close();  SSLContext context = SSLContext.getInstance("TLS");  TrustManagerFactory tmf = TrustManagerFactory  .getInstance(TrustManagerFactory.getDefaultAlgorithm());  tmf.init(ks);  X509TrustManager defaultTrustManager = (X509TrustManager) tmf  .getTrustManagers()[0];  SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);  context.init(null, new TrustManager[] { tm }, null);  SSLSocketFactory factory = context.getSocketFactory();  System.out  .println("Opening connection to " + host + ":" + port + "...");  SSLSocket socket = (SSLSocket) factory.createSocket(host, port);  socket.setSoTimeout(10000);  try {  System.out.println("Starting SSL handshake...");  socket.startHandshake();  socket.close();  System.out.println();  System.out.println("No errors, certificate is already trusted");  } catch (SSLException e) {  System.out.println();  e.printStackTrace(System.out);  }  X509Certificate[] chain = tm.chain;  if (chain == null) {  System.out.println("Could not obtain server certificate chain");  return;  }  BufferedReader reader = new BufferedReader(new InputStreamReader(  System.in));  System.out.println();  System.out.println("Server sent " + chain.length + " certificate(s):");  System.out.println();  MessageDigest sha1 = MessageDigest.getInstance("SHA1");  MessageDigest md5 = MessageDigest.getInstance("MD5");  for (int i = 0; i < chain.length; i++) {  X509Certificate cert = chain[i];  System.out.println(" " + (i + 1) + " Subject "  + cert.getSubjectDN());  System.out.println("   Issuer  " + cert.getIssuerDN());  sha1.update(cert.getEncoded());  System.out.println("   sha1    " + toHexString(sha1.digest()));  md5.update(cert.getEncoded());  System.out.println("   md5     " + toHexString(md5.digest()));  System.out.println();  }  System.out  .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");  String line = reader.readLine().trim();  int k;  try {  k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;  } catch (NumberFormatException e) {  System.out.println("KeyStore not changed");  return;  }  X509Certificate cert = chain[k];  String alias = host + "-" + (k + 1);  ks.setCertificateEntry(alias, cert);  OutputStream out = new FileOutputStream("jssecacerts");  ks.store(out, passphrase);  out.close();  System.out.println();  System.out.println(cert);  System.out.println();  System.out  .println("Added certificate to keystore 'jssecacerts' using alias '"  + alias + "'");  }  private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();  private static String toHexString(byte[] bytes) {  StringBuilder sb = new StringBuilder(bytes.length * 3);  for (int b : bytes) {  b &= 0xff;  sb.append(HEXDIGITS[b >> 4]);  sb.append(HEXDIGITS[b & 15]);  sb.append(' ');  }  return sb.toString();  }  private static class SavingTrustManager implements X509TrustManager {  private final X509TrustManager tm;  private X509Certificate[] chain;  SavingTrustManager(X509TrustManager tm) {  this.tm = tm;  }  @Overridepublic X509Certificate[] getAcceptedIssuers() {  return new X509Certificate[0];//throw new UnsupportedOperationException();  }  public void checkClientTrusted(X509Certificate[] chain, String authType)  throws CertificateException {  throw new UnsupportedOperationException();  }  public void checkServerTrusted(X509Certificate[] chain, String authType)  throws CertificateException {  this.chain = chain;  tm.checkServerTrusted(chain, authType);  }  }  }

2、编译:javac InstallCert.java 
3、运行:java InstallCert email.ssscc.com.cn:465,当提示Enter certificate to add to trusted keystore or ‘q’ to quit: [1]时,输入1,回车

E:\>java InstallCert email.ssscc.com.cn:465
Loading KeyStore D:\Program Files\Java\jre7\lib\security\cacerts...
Opening connection to email.ssscc.com.cn:465...
Starting SSL handshake...javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.
provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)at InstallCert.main(InstallCert.java:87)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested targetat sun.security.validator.PKIXValidator.doBuild(Unknown Source)at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)at sun.security.validator.Validator.validate(Unknown Source)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:182)... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to reques
ted targetat sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)at java.security.cert.CertPathBuilder.build(Unknown Source)... 15 moreServer sent 1 certificate(s):1 Subject CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=myIssuer  CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=mysha1    32 3e 15 42 96 ba e9 4d 9c 5d e7 5e 6b 0f 30 23 b4 e3 f4 98md5     c8 dd a1 af 9f 55 a0 7f 6e 98 10 de 8c 63 1b a5Enter certificate to add to trusted keystore or 'q' to quit: [1]
1[
[Version: V3Subject: CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=mySignature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5Key:  Sun RSA public key, 1024 bitsmodulus: 1129473579651954554552730664834664064459539051598864058082387115962631728819634110255367718769683451438528187
923246533854744470790959477657386037636238098777089479256059697784394926741427654735994678054030193662669088404706890444
59364523220747231216704221781747262219695262340353839314222273672957748320603247public exponent: 65537Validity: [From: Tue Dec 14 15:13:51 SGT 2010,To: Mon Mar 14 15:13:51 SGT 2011]Issuer: CN=yong mook kim, OU=mkyong, O=mkyong, L=puchong, ST=PJ, C=mySerialNumber: [    4d07192f]]Algorithm: [SHA1withRSA]Signature:
0000: 38 E4 F4 D9 51 B1 5F C1   01 13 32 79 DE 97 26 58  8...Q._...2y..&X
0010: 13 08 F1 A0 33 DB B9 90   AF EE 9E AE B9 9B 68 7D  ....3.........h.
0020: DF E8 7D 79 9D 92 24 4A   76 C9 4C 28 DA 68 B0 62  ...y..$Jv.L(.h.b
0030: FF AB 27 03 5C DD 1F C8   77 A2 25 18 DF 0C DC FD  ..'.\...w.%.....
0040: D3 39 5D 18 B4 BA 4B 36   8C FD C5 80 FF F2 E3 4D  .9]...K6.......M
0050: 0A 28 57 B9 04 D8 25 F6   FB CA DA 13 0C 36 FB 02  .(W...%......6..
0060: 9A B3 B1 28 46 D1 8E C7   D9 1A 5B CE BB A6 6F FD  ...(F.....[...o.
0070: 6D F2 35 D9 95 43 6E 38   2A 56 E7 31 21 D9 F0 90  m.5..Cn8*V.1!...]Added certificate to keystore 'jssecacerts' using alias 'email.ssscc.com.cn-1'

4、再次运行java InstallCert email.ssscc.com.cn:465,提示如下即无误 
 
5、复制InstallCert.java目录下的jssecacerts文件至jenkins安装目录下的/jre/lib/security目录下 
6、重启jenkins服务,测试邮件发送功能 
注意:如果你安装的是jdk7,则可能会出现下面这样的错误

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException

如果出现这样的错误,直接修改InstallCert.java

@Override
public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];// throw new UnsupportedOperationException();注释该行,用上面这行替代即可
}

当然,你可以直接在上面下载使用。,至此,该问题得到解决。

Jenkins邮箱配置中,使用SSL连接的问题相关推荐

  1. 解决Jenkins邮箱配置中,使用SSL连接的问题

    背景:最近在配置Jenkins的邮件发送功能时,正确设置好各参数后,在进行通过发送测试邮件测试配置时,总是出现unable to find valid certification path to re ...

  2. Mysql 中的SSL 连接

    Mysql 中的SSL 连接 以下来自网络参考和自己测试整理,没有查找相关资料.若有错误之处,欢迎指正. 当前的Mysql 客户端版本基本都不太能支持 caching_sha2_password 认证 ...

  3. php mysql ssl 连接_Mysql 中的SSL 连接

    Mysql 中的SSL 连接 以下来自网络参考和自己测试整理,没有查找相关资料.若有错误之处,欢迎指正. 当前的Mysql 客户端版本基本都不太能支持 caching_sha2_password 认证 ...

  4. aws rds监控慢sql_在AWS RDS SQL Server中实施SSL连接

    aws rds监控慢sql This article explores a method to enforce SSL for all connections in AWS RDS SQL Serve ...

  5. 配置openldap使用SSL连接

    假设openldap服务器已经配置好,可以正常工作.下面的步骤只是让openldap使用ssl连接.  这篇文档参考了http://www.openldap.org/pub/ksoper/OpenLD ...

  6. Jenkins邮箱配置过程(qq + 163)

    qq邮箱 设置授权码 QQ邮箱开启授权(在配置Jenkins发送邮件时需要使用该授权码) 什么是授权码? 授权码是QQ邮箱推出的,用于登录第三方客户端的专用密码. 适用于登录以下服务:POP3/IMA ...

  7. Redis SSL/TLS配置以及Jedis SSL连接

    ​ Redis 6.2X SSL/TLS加密配置研究(主从.集群.压测) 最近因工作需要配置Redis 6.2X版本的SSL/TLS加密网上资料比较少,并且多是直接客户端和服务端直接连接,并未说明主从 ...

  8. java连接qq邮箱_java如何使用ssl连接qq邮箱

    展开全部 Gmail目前已经启用了POP3和SMTP服务,与其他邮箱不同的是Gmail提供e68a84e8a2ad62616964757a686964616f31333335303464的POP3和S ...

  9. 第十四章:详解Jenkins节点配置

    2014-03-02:修正对于lable标签的理解.(1.532.1版本已经给出了官方解释) 2013-12-22:添加JNLP端口修改,修改了一些错误. Jenkins有个很强大的功能:分布式构建( ...

最新文章

  1. 构建DevOps功能:云计算自动化
  2. python第三方开发软件_python开发者的必备工具(一)
  3. 将一个数组输出到模板中来处理2
  4. python opencv 等比例调整(缩放)图片分辨率大小代码 cv2.resize()
  5. 线性回归csv数据集_数据科学的基石:统计学、机器学习、计算机科学(三)——线性回归...
  6. 关于使用jQuery时$(document).ready()方法失效问题
  7. java登录界面命令_Java命令行界面(第18部分):JCLAP
  8. js isinteger_在JavaScript中使用示例使用Number isInteger()方法
  9. Java 动态代理解析
  10. python矩阵操作_Python中的矩阵操作
  11. react实现简单的表单
  12. log4j配置时的位置问题
  13. 习题总结(一)——硬链接,locate,chmod,家目录
  14. 为什么我推荐ImageJ?
  15. Ubuntu安装酷的桌面监控陈程序Conky
  16. 谈谈我所了解的数据分析行业(下)
  17. 论文研究结论怎么写?
  18. mumu显示连接服务器超时,网易mumu模拟器安装不了 网易mumu模拟器安装好久解决方法...
  19. Mybatis-Plus实现乐观锁配置
  20. MySQL DBA必读:万字归总表设计与SQL编写技巧

热门文章

  1. 关于cuda、cudnn环境配置
  2. Android USB(OTG) 删除文件的探索过程
  3. HDUOJ1865 1string
  4. Qt模仿安卓手机中app图标移动
  5. 什么是Anti-DDoS流量清洗?
  6. envi反演水质参数_遥感干旱反演方法汇总
  7. 【Homeassistant 与Ultrasonic Distance超声波距离传感器握手】
  8. JAVA面试、笔试题
  9. AndroidStudio 制作一个超简易记账本App(1.0)【含详细步骤】
  10. AtCoder Beginner Contest 126