出现错误为 SSLHandshakeException - unable to find valid certification path to requested target

在服务器上找到对应的jssecacerts文件或cacerts, 一般在 <jre home>/lib/security 目录下, 在本地执行以下代码, 将cert添加到文件里,

再用新产生的jssecacerts放回覆盖旧文件(建议先备份)

package com.rockbb.test;

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert

{

	public static void main(String[] args) throws Exception

	{

		args = new String[]{"api.weixin.qq.com"};

		String host;

		int port;

		char[] passphrase;

		if ((args.length == 1) || (args.length == 2))

		{

			String[] c = args[0].split(":");

			host = c[0];

			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

			String p = (args.length == 1) ? "changeit" : args[1];

			passphrase = p.toCharArray();

		}

		else

		{

			System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

			return;

		}

		File file = new File("jssecacerts");

		if (file.isFile() == false)

		{

			char SEP = File.separatorChar;

			File dir = new File("E:\\temp\\");

			file = new File(dir, "jssecacerts");

			if (file.isFile() == false)

			{

				file = new File(dir, "cacerts");

			}

		}

		System.out.println("Loading KeyStore " + file + "...");

		InputStream in = new FileInputStream(file);

		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

		ks.load(in, passphrase);

		in.close();

		SSLContext context = SSLContext.getInstance("TLS");

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		tmf.init(ks);

		X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

		context.init(null, new TrustManager[] { tm }, null);

		SSLSocketFactory factory = context.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + "...");

		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

		socket.setSoTimeout(10000);

		try

		{

			System.out.println("Starting SSL handshake...");

			socket.startHandshake();

			socket.close();

			System.out.println();

			System.out.println("No errors, certificate is already trusted");

		}

		catch (SSLException e)

		{

			System.out.println();

			e.printStackTrace(System.out);

		}

		X509Certificate[] chain = tm.chain;

		if (chain == null)

		{

			System.out.println("Could not obtain server certificate chain");

			return;

		}

		BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

		System.out.println();

		System.out.println("Server sent " + chain.length + " certificate(s):");

		System.out.println();

		MessageDigest sha1 = MessageDigest.getInstance("SHA1");

		MessageDigest md5 = MessageDigest.getInstance("MD5");

		for (int i = 0; i < chain.length; i++)

		{

			X509Certificate cert = chain[i];

			System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

			System.out.println("   Issuer  " + cert.getIssuerDN());

			sha1.update(cert.getEncoded());

			System.out.println("   sha1    " + toHexString(sha1.digest()));

			md5.update(cert.getEncoded());

			System.out.println("   md5     " + toHexString(md5.digest()));

			System.out.println();

		}

		System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

		String line = reader.readLine().trim();

		int k;

		try

		{

			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

		}

		catch (NumberFormatException e)

		{

			System.out.println("KeyStore not changed");

			return;

		}

		X509Certificate cert = chain[k];

		String alias = host + "-" + (k + 1);

		ks.setCertificateEntry(alias, cert);

		OutputStream out = new FileOutputStream("jssecacerts");

		ks.store(out, passphrase);

		out.close();

		System.out.println();

		System.out.println(cert);

		System.out.println();

		System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

	}

	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

	private static String toHexString(byte[] bytes)

	{

		StringBuilder sb = new StringBuilder(bytes.length * 3);

		for (int b : bytes)

		{

			b &= 0xff;

			sb.append(HEXDIGITS[b >> 4]);

			sb.append(HEXDIGITS[b & 15]);

			sb.append(' ');

		}

		return sb.toString();

	}

	private static class SavingTrustManager implements X509TrustManager

	{

		private final X509TrustManager tm;

		private X509Certificate[] chain;

		SavingTrustManager(X509TrustManager tm)

		{

			this.tm = tm;

		}

		public X509Certificate[] getAcceptedIssuers()

		{

			throw new UnsupportedOperationException();

		}

		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			throw new UnsupportedOperationException();

		}

		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			this.chain = chain;

			tm.checkServerTrusted(chain, authType);

		}

	}

}

Java手动添加SSL证书的更多相关文章

  1. Centos7.4下用Docker-Compose部署WordPress(续)-服务器端用Nginx作为反向代理并添加SSL证书(阿里云免费DV证书)

    前言 在我写完Centos7.4下用Docker-Compose部署WordPress这篇文章后,我的个人博客已经正式的开始运作.但考虑到网站访问的安全性以及今后可能会重复利用服务器来部署其他网站的可 ...

  2. CentOS6.5 下在Nginx中添加SSL证书以支持HTTPS协议访问

    参考文献: 1. NginxV1.8.0安装与配置 2. CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问 3. nginx配置ssl证书的方法 4.nginx强制使用https访问 ...

  3. 如何给网站添加SSL证书(免费)

    上篇讲了如何将网站部署到服务器上,这篇就讲如何给网站添加SSL证书. 1.先到腾讯云ssl证书认证那里申请一个证书 2.DNS认证 3.下载解压nginx里面的文件 4. 在服务器上/www目录下创建 ...

  4. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  5. 添加ssl证书

    ssl证书会使你的网站更加安全,防止isp在你的网站显示时添加广告,浏览网页时地址栏左边有一个绿色安全的图标,使用户感觉更加安全放心. 颁发ssl证书的机构很多,有收费的,也有免费的.当然对于自己的小 ...

  6. tomcat 添加 ssl 证书

    1. 将证书提供方给的证书(server.crt)及密钥文件(server.key)上传到服务器 tomcat 的 conf 目录 2. 在tomcat conf 目录下执行如下命令 (1) 生成P1 ...

  7. nginx添加ssl证书

    ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl 这个为全部配置, 需要替换你自己的域名,配置中强制https了 server ...

  8. 给php添加ssl证书

    composer下载时报错: The "https://packagist.org/packages.json" file could not be downloaded: SSL ...

  9. CentOS6.5 下在Nginx中添加SSL证书

    原文:https://www.cnblogs.com/wuling129/p/5039978.html 证书过期 ,更新证书,记录下 一.安装相关支持库:(未实践) yum -y install gc ...

随机推荐

  1. Android优秀学习资料(高手博客

    任玉刚, 博客 : http://blog.csdn.net/singwhatiwanna, github : https://github.com/singwhatiwanna Trinea, 博客 ...

  2. assign、retain、copy使用异同

    1 三者的区别 首先,引用计数的概念:表示对象被引用的次数.当引用计数为 0 的时候,系统就会发送dealloc消息来释放内存. assign:用于基本数据类型,没有引用计数,因此不存在增加或减少引用 ...

  3. UI复习

    UIButton的状态 • normal(普通状态) ➢ 默认情况 ➢ 对应的枚举常量:UIControlStateNormal • highlighted(高亮状态) ➢ 按钮被按下去的时候(手指还 ...

  4. 截取UIImage指定大小区域

    截取UIImage指定大小区域 最近遇到这样的需求:从服务器获取到一张照片,只需要显示他的左半部分,或者中间部分等等.也就是截取UIImage指定大小区域. UIImage扩展 我的解决方案是对UII ...

  5. HTML 特殊符号编码对照表

    HTML 特殊符号编码对照表 特殊符号 命名实体 十进制编码 特殊符号 命名实体 十进制编码 特殊符号 命名实体 十进制编码 Α Α Α Β Β Β Γ Γ Γ Δ Δ Δ Ε Ε Ε Ζ Ζ Ζ Η ...

  6. Oracle与MySQL的区别

    1. Oracle是大型数据库而Mysql是中小型数据库,Oracle市场占有率达40%,Mysql只有20%左右,同时Mysql是开源的而Oracle价格非常高. 2. Oracle支持大并发,大访 ...

  7. Photo Shop切图

    切图之前 哪些是需要切出来的? 修饰性的 (一般用在background属性) 图标.logo 有特殊效果的按钮  文字等 非纯色的背景 内容性的 (一般用在img标签) Banner.广告图片 文章 ...

  8. 初学svn对版本进行控制 用post- commit钩子实现代码同步到web目录

    这里只是一个记录,原文摘抄svn利用钩子实现代码同步到web目录 思路: 找 到SVN Server中的仓库(Repositories)文件夹的位置,在相应的项目文件夹中找到hooks文件夹.在该文件 ...

  9. Linux PHP5.3升级PHP5.5.33 (CentOS)

    由于要使用了laravel5.1,php要升级到5.5以上.具体环境是Aliyun Cent OS 7.0.由于阿里的yum源lastest只有5.4,laravel5.1必须php5.5,加了几个网 ...

  10. windows,linux,mac生成ssh public key 和 private key

    https://help.launchpad.net/YourAccount/CreatingAnSSHKeyPair Creating the key How you create your SSH ...