NutzCN Logo
问答 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path
发布于 3037天前 作者 sunhai1988 3538 次浏览 复制 上一个帖子 下一个帖子
标签:

社区nutz.cn Response response = Http.get("https://dn-nutzcn.qbox.me/yvr/u/qq_1968473f/avatar"); 是正常的 ,能下载
Response response = Http.get("https://nutzwk.wizzer.cn/assets/img/flags/cn.png");
报错 ,然后服务器加了https之后,在项目里面需要添加什么配置

Exception in thread "main" org.nutz.http.HttpException: url=https://nutzwk.wizzer.cn/assets/img/flags/cn.png
	at org.nutz.http.sender.GetSender.send(GetSender.java:22)
	at org.nutz.http.Http.get(Http.java:144)
	at cn.wizzer.common.util.TestUtil.main(TestUtil.java:31)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1511)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
	at org.nutz.http.Sender.getResponseHeader(Sender.java:124)
	at org.nutz.http.sender.GetSender.send(GetSender.java:19)
	... 2 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
	... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 23 more
9 回复

自行签名的野鸡https证书?

禁用JVM的Https证书检查

Http.disableJvmHttpsCheck();

有免费证书可以申请,何需自签名呢

https://buy.wosign.com/free/

我用的是 Let's Encrypt证书 免费的 90天续期一次!

https://letsencrypt.org/2016/08/05/le-root-to-be-trusted-by-mozilla.html

2016年8月才进入根证书, 妥妥的不会被之前的任意Java版本所认识

服务器1:正常无报错,我自己的服务器也可以正常获取证书为:( Let's Encrypt)

 Http.disableJvmHttpsCheck();
 Response response = Http.get("https://nutzwk.wizzer.cn/assets/img/flags/cn.png");

-------------------------------------------------------------------------------------------------------------------
服务器2 报错 用startssl 证书 ,apache php 环境

       Http.disableJvmHttpsCheck();
	   Response response = Http.get("https://www.*****.tv/Application/Admin/Assets/images/logo2.png");
	    

报错如下:

Exception in thread "main" org.nutz.http.HttpException: url=https://www.****.tv/Application/Admin/Assets/images/logo2.png
	at org.nutz.http.sender.GetSender.send(GetSender.java:22)
	at org.nutz.http.Http.get(Http.java:144)
	at cn.wizzer.common.util.TestUtil.main(TestUtil.java:32)
Caused by: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
	at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1320)
	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1984)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1104)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1511)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
	at org.nutz.http.Sender.getResponseHeader(Sender.java:124)
	at org.nutz.http.sender.GetSender.send(GetSender.java:19)
	... 2 more

JDK版本低,不认识服务器的证书签名方式?

google了下用这个配置就好了。 。 应该是和我服务什么配置有关

       System.setProperty("jsse.enableSNIExtension", "false");
	   Http.disableJvmHttpsCheck();
	   Response response = Http.get("https://www.*****.tv/Application/Admin/Assets/images/logo2.png");

但是在startssl官网找一个图片get能成功代码如下:

        Http.disableJvmHttpsCheck();
	   Response response = Http.get("https://www.startssl.com/images/ban2_25.png");

SNI就是服务器下有好多个https证书

恩 谢谢了 我读了下意思说是 服务器配置问题

添加回复
请先登陆
回到顶部