解决PKIX:unable to find valid certification path to target 的问题

问题描述

这两天上测试服务器的时候突然报这样的异常javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

问题的根本

访问https的时候,JVM的信任库(cacerts/jssecacerts)中没有能够验证服务器证书链的受信任证书,无法建立证书路径,从而导致该错误

解决措施

将安全证书下载到本地 =.= 。查阅了很久的资料,找到如下一份大神的源码特来分享

附上代码

/*

* Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.

*

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

*

* - Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer.

*

* - Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

*

* - Neither the name of Sun Microsystems nor the names of its

* contributors may be used to endorse or promote products derived

* from this software without specific prior written permission.

*

* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

*/

import java.io.BufferedReader;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileOutputStream;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.security.KeyStore;

import java.security.MessageDigest;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

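/**
 * Command-line helper that captures the certificate chain a TLS server presents and, once the
 * operator picks one entry, stores it in a {@code jssecacerts} trust store in the working
 * directory.
 *
 * <p>Usage: {@code java InstallCert <host>[:port] [passphrase]}. The port defaults to 443 and the
 * passphrase to {@code changeit}.
 *
 * <p>Security note: the chain is taken from a connection whose peer could not be validated, so the
 * printed fingerprints have to be compared with values obtained over a trusted channel before an
 * entry is added. Every certificate stored here becomes a trust anchor for any program that loads
 * the resulting file.
 */
public class InstallCert {

    /**
     * Connects to the given server, prints the certificates it sent and adds the selected one to
     * {@code jssecacerts}.
     *
     * @param args {@code <host>[:port]} followed by an optional key store passphrase
     * @throws Exception on I/O, key store or digest failures that are not handled locally
     */
    public static void main(String[] args) throws Exception {
        if (args.length != 1 && args.length != 2) {
            printUsage();
            return;
        }
        String[] c = args[0].split(":");
        // ":" alone splits into an empty array; treat it like any other malformed target.
        if (c.length == 0 || c[0].length() == 0) {
            printUsage();
            return;
        }
        String host = c[0];
        int port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
        char[] passphrase = ((args.length == 1) ? "changeit" : args[1]).toCharArray();

        // Lookup order: ./jssecacerts, then <java.home>/lib/security/jssecacerts, then cacerts.
        File file = new File("jssecacerts");
        if (!file.isFile()) {
            char sep = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + sep + "lib" + sep + "security");
            file = new File(dir, "jssecacerts");
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }

        System.out.println("Loading KeyStore " + file + "...");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, passphrase);
        } finally {
            // Close the stream even when the passphrase is wrong or the file is corrupt.
            in.close();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            // Expected when the chain is not trusted yet; the chain was still recorded by tm.
            System.out.println();
            e.printStackTrace(System.out);
        } finally {
            socket.close();
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        // SHA-1 and MD5 are kept for compatibility with existing output; SHA-256 is the
        // fingerprint to use when comparing against a value obtained out of band.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            byte[] encoded = cert.getEncoded();
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println(" Issuer " + cert.getIssuerDN());
            System.out.println(" sha1 " + toHexString(sha1.digest(encoded)));
            System.out.println(" md5 " + toHexString(md5.digest(encoded)));
            System.out.println(" sha256 " + toHexString(sha256.digest(encoded)));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine();
        if (line == null) {
            // End of input (for example a closed stdin) must not be read as "accept the default".
            System.out.println("KeyStore not changed");
            return;
        }
        line = line.trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        if (k < 0 || k >= chain.length) {
            // A number outside the printed list selects nothing.
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        try {
            ks.store(out, passphrase);
        } finally {
            out.close();
        }

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
    }

    /** Prints the command-line synopsis. */
    private static void printUsage() {
        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Formats bytes as lower-case hex pairs, each followed by a single space.
     *
     * @param bytes the bytes to format
     * @return for example {@code "0f ff "} for the bytes {@code 0x0f, 0xff}
     */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff; // drop the sign extension so both nibbles index HEXDIGITS safely
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /**
     * Trust manager that records the chain presented by the server and then defers the actual
     * trust decision to the wrapped manager, so validation is never weakened.
     */
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        /**
         * Returns the issuers accepted by the wrapped manager.
         *
         * <p>The JSSE handshake code calls this method while checking the server chain; throwing
         * here aborts the handshake with {@code UnsupportedOperationException} before the trust
         * decision is reported.
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return tm.getAcceptedIssuers();
        }

        /** Not supported: this tool only acts as a TLS client. */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /** Saves the presented chain, then lets the wrapped manager accept or reject it. */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}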

如何执行

1.首先将java文件编译成class文件,使用javac命令 javac InstallCert.java

2.当前目录下即产生InstallCert.class文件以及InstallCert$SavingTrustManager.class文件

3.运行InstallCert.class文件并传入参数:java InstallCert host:port。通过作者的源码可以得知,默认端口为443

此时会输出如下信息

G:\com>java InstallCert www.baidu.com

Loading KeyStore C:\Program Files\Java\jre1.8.0_191\lib\security\cacerts...

Opening connection to www.baidu.com:443...

Starting SSL handshake...

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at InstallCert.main(InstallCert.java:95)

Caused by: java.lang.UnsupportedOperationException

at InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:18

0)

at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraint

s(Unknown Source)

at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unk

nown Source)

at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unkno

wn Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source

)

... 3 more

Server sent 2 certificate(s):

1 Subject CN=baidu.com, O="Beijing Baidu Netcom Science Technology Co., Ltd", O

U=service operation department, L=beijing, ST=beijing, C=CN

Issuer CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign

nv-sa, C=BE

sha1 d6 aa f8 cf a0 e0 23 65 47 fc 2a 89 4f 89 5e c9 47 24 a6 0d

md5 fd 63 96 dc 4e 9f 1e a9 16 51 d6 87 73 4d 39 76

2 Subject CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign

nv-sa, C=BE

Issuer CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

sha1 90 2e f2 de eb 3c 5b 13 ea 4c 3d 51 93 62 93 09 e2 31 ae 55

md5 d3 e8 70 6d 82 92 ac e4 dd eb f7 a8 bb bd 56 6b

Enter certificate to add to trusted keystore or 'q' to quit: [1]

4.输入q为退出,输入1为将列表中的第1个证书加入信任库。这些证书来自一次尚未通过验证的连接,输入前应先通过可信渠道(例如向服务器管理员索取)核对上面显示的证书指纹;确认无误后输入1,等待程序执行完成,当前目录下会生成一个名为jssecacerts的信任库文件

5.将生成的jssecacerts文件拷贝到$JAVA_HOME/jre/lib/security目录下;该目录下存在jssecacerts时,JSSE会优先使用它而不是cacerts,因此使用这个JRE的所有Java程序都会信任新加入的证书

6.重新启动web server

完成~
