在Java编程中,请求远程https链接的时候,如果报了这个错误该如何解决呢?

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

解决方案有两种

一、获得有效证书

编译安装证书程序 javac InstallCert.java(代码如下)

可以通过命令行 javac InstallCert.java 编译

/** Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.** Redistribution and use in source and binary forms, with or without* modification, are permitted provided that the following conditions* are met:**   - Redistributions of source code must retain the above copyright*     notice, this list of conditions and the following disclaimer.**   - Redistributions in binary form must reproduce the above copyright*     notice, this list of conditions and the following disclaimer in the*     documentation and/or other materials provided with the distribution.**   - Neither the name of Sun Microsystems nor the names of its*     contributors may be used to endorse or promote products derived*     from this software without specific prior written permission.** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.*/import java.io.*;
import java.net.URL;import java.security.*;
import java.security.cert.*;import javax.net.ssl.*;public class InstallCert {public static void main(String[] args) throws Exception {String host;int port;char[] passphrase;if ((args.length == 1) || (args.length == 2)) {String[] c = args[0].split(":");host = c[0];port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);String p = (args.length == 1) ? "changeit" : args[1];passphrase = p.toCharArray();} else {System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");return;}File file = new File("jssecacerts");if (file.isFile() == false) {char SEP = File.separatorChar;File dir = new File(System.getProperty("java.home") + SEP+ "lib" + SEP + "security");file = new File(dir, "jssecacerts");if (file.isFile() == false) {file = new File(dir, "cacerts");}}System.out.println("Loading KeyStore " + file + "...");InputStream in = new FileInputStream(file);KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());ks.load(in, passphrase);in.close();SSLContext context = SSLContext.getInstance("TLS");TrustManagerFactory tmf =TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());tmf.init(ks);X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);context.init(null, new TrustManager[] {tm}, null);SSLSocketFactory factory = context.getSocketFactory();System.out.println("Opening connection to " + host + ":" + port + "...");SSLSocket socket = (SSLSocket)factory.createSocket(host, port);socket.setSoTimeout(10000);try {System.out.println("Starting SSL handshake...");socket.startHandshake();socket.close();System.out.println();System.out.println("No errors, certificate is already trusted");} catch (SSLException e) {System.out.println();e.printStackTrace(System.out);}X509Certificate[] chain = tm.chain;if (chain == null) {System.out.println("Could not obtain server certificate chain");return;}BufferedReader reader =new BufferedReader(new InputStreamReader(System.in));System.out.println();System.out.println("Server sent " + chain.length + " certificate(s):");System.out.println();MessageDigest sha1 = MessageDigest.getInstance("SHA1");MessageDigest md5 = MessageDigest.getInstance("MD5");for (int i = 0; i < chain.length; i++) {X509Certificate cert = chain[i];System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());System.out.println("   Issuer  " + cert.getIssuerDN());sha1.update(cert.getEncoded());System.out.println("   sha1    " + toHexString(sha1.digest()));md5.update(cert.getEncoded());System.out.println("   md5     " + toHexString(md5.digest()));System.out.println();}System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");String line = reader.readLine().trim();int k;try {k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;} catch (NumberFormatException e) {System.out.println("KeyStore not changed");return;}X509Certificate cert = chain[k];String alias = host + "-" + (k + 1);ks.setCertificateEntry(alias, cert);OutputStream out = new FileOutputStream("jssecacerts");ks.store(out, passphrase);out.close();System.out.println();System.out.println(cert);System.out.println();System.out.println("Added certificate to keystore 'jssecacerts' using alias '"+ alias + "'");}private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();private static String toHexString(byte[] bytes) {StringBuilder sb = new StringBuilder(bytes.length * 3);for (int b : bytes) {b &= 0xff;sb.append(HEXDIGITS[b >> 4]);sb.append(HEXDIGITS[b & 15]);sb.append(' ');}return sb.toString();}private static class SavingTrustManager implements X509TrustManager {private final X509TrustManager tm;private X509Certificate[] chain;SavingTrustManager(X509TrustManager tm) {this.tm = tm;}public X509Certificate[] getAcceptedIssuers() {throw new UnsupportedOperationException();}public void checkClientTrusted(X509Certificate[] chain, String authType)throws CertificateException {throw new UnsupportedOperationException();}public void checkServerTrusted(X509Certificate[] chain, String authType)throws CertificateException {this.chain = chain;tm.checkServerTrusted(chain, authType);}}}

class文件生成后,运行安装证书程序生成证书

java InstallCert smtp.zhangsan.com:465
如果不加参数password和host的端口号,上面的获取证书程序中默认给的端口号是:443,密码是:changeit

根据运行提示信息,输入1,回车,在当前目录下生成名为: jssecacerts 的证书

将证书放置到$JAVA_HOME/jre/lib/security目录下, 切记该JDK的jre是工程所用的环境!!!

二、忽略证书信任问题

通过工具类来实行(代码如下)

import lombok.extern.slf4j.Slf4j;
import sun.net.www.protocol.https.HttpsURLConnectionImpl;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;@Slf4j
public class HttpsURLValidator {HostnameVerifier hv = new HostnameVerifier() {public boolean verify(String urlHostName, SSLSession session) {System.out.println("Warning: URL Host: " + urlHostName + " vs. "+ session.getPeerHost());return true;}};/*** https忽略SSL的方法* @param url*/public static void httpsRequestTrue(String url){//访问https地址直接调用这个方法try {//忽略https证书的再请求HttpsURLValidator.trustAllHttpsCertificates();HostnameVerifier hv = new HostnameVerifier() {public boolean verify(String urlHostName, SSLSession session) {return true;}};URL u = new URL(url);HttpsURLConnection.setDefaultHostnameVerifier(hv);URLConnection urlConnection = (HttpsURLConnectionImpl)u.openConnection();}catch (Exception e){log.error(e.getMessage());}}protected final String retrieveResponseFromServer(final URL validationUrl,final String ticket) {HttpURLConnection connection = null;try {connection = (HttpURLConnection) validationUrl.openConnection();final BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));String line;final StringBuffer stringBuffer = new StringBuffer(255);synchronized (stringBuffer) {while ((line = in.readLine()) != null) {stringBuffer.append(line);stringBuffer.append("\n");}return stringBuffer.toString();}} catch (final IOException e) {log.error(e.getMessage());return null;} catch (final Exception e1){log.error(e1.getMessage());return null;}finally {if (connection != null) {connection.disconnect();}}}protected static void trustAllHttpsCertificates() throws Exception {javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];javax.net.ssl.TrustManager tm = new miTM();trustAllCerts[0] = tm;javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");sc.init(null, trustAllCerts, null);javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());}static class miTM implements javax.net.ssl.TrustManager,javax.net.ssl.X509TrustManager {public java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {return true;}public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {return true;}public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)throws java.security.cert.CertificateException {return;}public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)throws java.security.cert.CertificateException {return;}}
}

使用方式,直接使用

HttpsURLValidator.httpsRequestTrue(url); //url为https请求地址

以上两种方式经实测都有效

转载于:java开发https请求ssl不受信任问题解决方法

访问HTTPS请求遇到SSL信任问题相关推荐

  1. 谷歌浏览器访问https请求总是显示不安全提示

    谷歌浏览器访问https请求总是显示不安全提示: 鼠标右键–>属性–>目标–> --allow-running-insecure-content 如下图所示:注意.exe后面有空格 ...

  2. JAVA实现发送HTTPS请求(SSL双向认证)

    一.项目背景 Java项目需要作为客户端发起HTTPS请求访问服务端,并且需要携带证书进行SSL双向认证,当前提供的证书相关文件有:ca.crt.ca.key.client.crt.client.ke ...

  3. python接口自动化(十二)--https请求(SSL)(详解)

    简介 本来最新的requests库V2.13.0是支持https请求的,但是一般写脚本时候,我们会用抓包工具fiddler,这时候会 报:requests.exceptions.SSLError: [ ...

  4. springboot 使用restTemplate 发送https请求 忽略ssl证书

    最近在写接口的时候给对方回推数据,发送https请求的时候遇到这么个报错:javax.net.ssl.SSLHandshakeException: sun.security.validator.Val ...

  5. python怎么爬虫https的内容_爬虫15 python 如何处理HTTPS请求访问 SSL证书验证

    1 https和SSL之间是什么关系 https和SSL之间是什么关系:https就是在http上面加了一层ssl协议,在http站点上部署SSL数字证书就变成了https. 现在随处可见 https ...

  6. Python3处理HTTPS请求 SSL证书验证

    Python3处理HTTPS请求 SSL证书验证 金融类的公司网站一般都是https 开头的网站,urllib.request可以为 HTTPS 请求验证SSL证书,就像web浏览器一样,如果网站的S ...

  7. XP系统下IE7访问HTTPS网站提示“此网站的安全证书有问题”的解题思路

     没有正式阐述解题思路之前,我们先了解下HTTPS.SSL的相关知识点.SSL(Secure Socket Layer)是目前解决传输层安全问题的一个主要协议,其设计的初衷是基于TCP协议之上提供可靠 ...

  8. 无证书访问https外部接口

    楼主公司需要调用gis服务器,但是服务器提供的https请求,同时公司也没有证书,这样会照成访问后不能直接调到接口,需要手动添加证书.所以用一下方式调用https接口可以避免上述情况. java直接访 ...

  9. 记录一次nginx升级,支持ipv4和ipv6访问https

    项目要求,需要让现有网站项目支持https,并同时支持ipv6访问,经过分析,现在nginx版本较老,所以决定升级nignx,并且同步配置https和ipv6. 升级准备 服务器网络环境需要支持ipv ...

最新文章

  1. 综述:激光雷达全景分割的传统点云聚类方法的技术总结
  2. 杰奇数据库mysql_杰奇模板出现Unable to save result set in…可尝试修复数据库
  3. 8.1 概述-机器学习笔记-斯坦福吴恩达教授
  4. golang网络编程基础知识:OSI网络模型、IP、端口号详解
  5. Quagga的安装碰到的问题
  6. stick和stuck的区别_怎样区别“stick to”、“stick with”和“stick by”这三个表达?...
  7. 更简洁的方式修改Chrome的User Agent,轻松体验移动版网络
  8. 开发经验漫谈 -- Git在开发流程中的运用
  9. Hessian学习(springboot环境)
  10. DevOps使用教程 华为云(11)git分支怎么用 分支合并 评审
  11. c语言ftell函数,C语言中ftell函数的使用方法
  12. 12306智能刷票,订票
  13. 英特尔卖了通信与手机处理器,中国厂商是哭还是笑?
  14. 让老照片重现光彩:Bringing Old Photos Back to Life(实战)
  15. 全排列(下一个排列,算法)
  16. Unity中ComputeShader入门
  17. 求每个月的最后一天日期
  18. 老板儿子来公司实习,还让我带着他学Python?搞笑
  19. 代码风格检查工具vera++
  20. 【ISP】Sharpen(2)

热门文章

  1. vcruntime140.dll文件缺失,去哪下载vcruntime140.dll文件
  2. linux代码怎么运行gedit,Linux中gedit命令起什么作用呢?
  3. AxureRP实战(三)Banner轮播图交互(进阶篇)
  4. Leaflet学习教程+笔记(Mars2D)
  5. win10清理_win10安全清理小建议
  6. 24 前 K 个高频元素
  7. 一个Fluent动网格问题及解决方法的记录
  8. 鹏业安装算量喷淋管件修改问题解答
  9. sql server数据库中raiserror函数的用法1
  10. 武宣计算机培训学校,武宣县职业技术学校