Java 信任所有SSL证书(解决PKIX path building failed问题)

程序员文章站 2022-07-10 15:24:02

...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
   at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
   at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
   at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
   at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
   at SslTest.getRequest(SslTest.java:16)
   at SslTest.main(SslTest.java:40)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
   at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230)
   at sun.security.validator.Validator.validate(Validator.java:260)
   at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
   ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
   at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
   ... 19 more
在网上找了好多办法，都未曾解决

其中的解决办法：

1、导入证书到本地证书库

2、信任所有SSL证书

最好的解决办法或许是信任所有SSL证书，因为某些时候不能每次都手动的导入证书非常麻烦。现在封装了个方法，在连接openConnection的时候忽略掉证书就行了。

下面我贴出代码以供大家参考

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/**
 * @ClassName SslUtils
 * @Description TODO
 * @Author harry
 * @Date 2021/10/18 10:16
 * @Version 1.0.0
 */
public class SslUtils {

    /**
     * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用
     * @throws Exception
     */
    public static void ignoreSsl() throws Exception{
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }

    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[1];
        TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    static class miTM implements TrustManager,X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }
        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
    }
}

            //忽略SSL认证
            SslUtils.ignoreSsl();

在你请求https前进行调用，完美解决。

记得给我点赞哟！

相关标签：错误记录 java ssl html5

上一篇： Android OkHttp信任所有证书

下一篇： Java 信任所有SSL证书(解决PKIX path building failed问题)

Java 信任所有SSL证书(解决PKIX path building failed问题)

Java 信任所有SSL证书(解决PKIX path building failed问题)

Java 信任所有SSL证书(解决PKIX path building failed问题)

【笔记】Java 信任所有SSL证书(解决PKIX path building failed问题)