出现错误为 SSLHandshakeException - unable to find valid certification path to requested target

在服务器上找到对应的jssecacerts文件或cacerts, 一般在 <jre home>/lib/security 目录下, 在本地执行以下代码, 将cert添加到文件里,

再用新产生的jssecacerts放回覆盖旧文件(建议先备份)

package com.rockbb.test;

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert

{

	public static void main(String[] args) throws Exception

	{

		args = new String[]{"api.weixin.qq.com"};

		String host;

		int port;

		char[] passphrase;

		if ((args.length == 1) || (args.length == 2))

		{

			String[] c = args[0].split(":");

			host = c[0];

			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

			String p = (args.length == 1) ? "changeit" : args[1];

			passphrase = p.toCharArray();

		}

		else

		{

			System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

			return;

		}

		File file = new File("jssecacerts");

		if (file.isFile() == false)

		{

			char SEP = File.separatorChar;

			File dir = new File("E:\\temp\\");

			file = new File(dir, "jssecacerts");

			if (file.isFile() == false)

			{

				file = new File(dir, "cacerts");

			}

		}

		System.out.println("Loading KeyStore " + file + "...");

		InputStream in = new FileInputStream(file);

		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

		ks.load(in, passphrase);

		in.close();

		SSLContext context = SSLContext.getInstance("TLS");

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		tmf.init(ks);

		X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

		context.init(null, new TrustManager[] { tm }, null);

		SSLSocketFactory factory = context.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + "...");

		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

		socket.setSoTimeout(10000);

		try

		{

			System.out.println("Starting SSL handshake...");

			socket.startHandshake();

			socket.close();

			System.out.println();

			System.out.println("No errors, certificate is already trusted");

		}

		catch (SSLException e)

		{

			System.out.println();

			e.printStackTrace(System.out);

		}

		X509Certificate[] chain = tm.chain;

		if (chain == null)

		{

			System.out.println("Could not obtain server certificate chain");

			return;

		}

		BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

		System.out.println();

		System.out.println("Server sent " + chain.length + " certificate(s):");

		System.out.println();

		MessageDigest sha1 = MessageDigest.getInstance("SHA1");

		MessageDigest md5 = MessageDigest.getInstance("MD5");

		for (int i = 0; i < chain.length; i++)

		{

			X509Certificate cert = chain[i];

			System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

			System.out.println("   Issuer  " + cert.getIssuerDN());

			sha1.update(cert.getEncoded());

			System.out.println("   sha1    " + toHexString(sha1.digest()));

			md5.update(cert.getEncoded());

			System.out.println("   md5     " + toHexString(md5.digest()));

			System.out.println();

		}

		System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

		String line = reader.readLine().trim();

		int k;

		try

		{

			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

		}

		catch (NumberFormatException e)

		{

			System.out.println("KeyStore not changed");

			return;

		}

		X509Certificate cert = chain[k];

		String alias = host + "-" + (k + 1);

		ks.setCertificateEntry(alias, cert);

		OutputStream out = new FileOutputStream("jssecacerts");

		ks.store(out, passphrase);

		out.close();

		System.out.println();

		System.out.println(cert);

		System.out.println();

		System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

	}

	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

	private static String toHexString(byte[] bytes)

	{

		StringBuilder sb = new StringBuilder(bytes.length * 3);

		for (int b : bytes)

		{

			b &= 0xff;

			sb.append(HEXDIGITS[b >> 4]);

			sb.append(HEXDIGITS[b & 15]);

			sb.append(' ');

		}

		return sb.toString();

	}

	private static class SavingTrustManager implements X509TrustManager

	{

		private final X509TrustManager tm;

		private X509Certificate[] chain;

		SavingTrustManager(X509TrustManager tm)

		{

			this.tm = tm;

		}

		public X509Certificate[] getAcceptedIssuers()

		{

			throw new UnsupportedOperationException();

		}

		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			throw new UnsupportedOperationException();

		}

		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			this.chain = chain;

			tm.checkServerTrusted(chain, authType);

		}

	}

}

Java手动添加SSL证书的更多相关文章

  1. Centos7.4下用Docker-Compose部署WordPress(续)-服务器端用Nginx作为反向代理并添加SSL证书(阿里云免费DV证书)

    前言 在我写完Centos7.4下用Docker-Compose部署WordPress这篇文章后,我的个人博客已经正式的开始运作.但考虑到网站访问的安全性以及今后可能会重复利用服务器来部署其他网站的可 ...

  2. CentOS6.5 下在Nginx中添加SSL证书以支持HTTPS协议访问

    参考文献: 1. NginxV1.8.0安装与配置 2. CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问 3. nginx配置ssl证书的方法 4.nginx强制使用https访问 ...

  3. 如何给网站添加SSL证书(免费)

    上篇讲了如何将网站部署到服务器上,这篇就讲如何给网站添加SSL证书. 1.先到腾讯云ssl证书认证那里申请一个证书 2.DNS认证 3.下载解压nginx里面的文件 4. 在服务器上/www目录下创建 ...

  4. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  5. 添加ssl证书

    ssl证书会使你的网站更加安全,防止isp在你的网站显示时添加广告,浏览网页时地址栏左边有一个绿色安全的图标,使用户感觉更加安全放心. 颁发ssl证书的机构很多,有收费的,也有免费的.当然对于自己的小 ...

  6. tomcat 添加 ssl 证书

    1. 将证书提供方给的证书(server.crt)及密钥文件(server.key)上传到服务器 tomcat 的 conf 目录 2. 在tomcat conf 目录下执行如下命令 (1) 生成P1 ...

  7. nginx添加ssl证书

    ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl 这个为全部配置, 需要替换你自己的域名,配置中强制https了 server ...

  8. 给php添加ssl证书

    composer下载时报错: The "https://packagist.org/packages.json" file could not be downloaded: SSL ...

  9. CentOS6.5 下在Nginx中添加SSL证书

    原文:https://www.cnblogs.com/wuling129/p/5039978.html 证书过期 ,更新证书,记录下 一.安装相关支持库:(未实践) yum -y install gc ...

随机推荐

  1. java 实现https请求

    java 实现https请求 JSSE是一个SSL和TLS的纯Java实现,通过JSSE可以很容易地编程实现对HTTPS站点的访问.但是,如果该站点的证书未经权威机构的验证,JSSE将拒绝信任该证书从 ...

  2. 【读书笔记】iOS网络-同步请求,队列式异步请求,异步请求的区别

    一,同步请求的最佳实践. 1,只在后台过程中使用同步请求,除非确定访问的是本地文件资源,否则请不要在主线程上使用. 2,只有在知道返回的数据不会超出应用的内存时才使用同步请求.记住,整个响应体都会位于 ...

  3. WWDC 2013 Session笔记 - UIKit Dynamics入门

    本文涉及到的WWDC2013 Session有 1.Session 206 Getting Started with UIKit Dynamics 2.Session 221 Advanced Tec ...

  4. mac os 错误提示:下载失败 使用已购页面再试一次 解决方法

    最近由于买了macbook,开始用mac os系统,发现一个奇怪的现象,在app store里下载应用,老是提示:下载失败 使用已购页面再试一次 原来一直不知道怎么解决这个问题,今天研究了下,发现解决 ...

  5. #VSTS日志# 15/11/18 插件应用市场,RM,包管理器等

    [小编]从今天开始,我将在这个博客上连载Visual Studio Team Service的定期更新.VSTS是Team Foundation Server 的在线版本,微软每3周会对这个服务进行更 ...

  6. yii2 数据导出 excel导出以及导出数据时列超过26列时解决办法

    作者:白狼 出处:http://www.manks.top/article/yii2_excel_extension​ 本文版权归作者,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给 ...

  7. 转载 sql 存储过程与函数区别

    SQL Server用户自定义函数和存储过程有类似的功能,都可以创建捆绑SQL语句,存储在server中供以后使用.这样能够极大地提高工作效率,通过以下的各种做法可以减少编程所需的时间: 重复使用编程 ...

  8. 身份证校验(java)

    判断是第几代身份证(第一代15位, 第二代18位) if (cardId.length() == 15 || cardId.length() == 18) { if (!this.cardCodeVe ...

  9. 0015 Java学习笔记-集合-TreeMap集合

    主要的方法 构造方法: TreeMap(); TreeMap(Comparator<?super K> comparator); TreeMap(Map<? extends K,? ...

  10. iOS 读取相册二维码,兼容ios7(使用CIDetector 和 ZXingObjC)

    ios从相册读取二维码,在ios8以上,苹果提供了自带的识别图片二维码的功能,这种方式效率最好,也是最推荐的,但是如果你的系统需要向下兼容ios7,就必须用其他方式. 这里我选择的是 ZXingObj ...