出现错误为 SSLHandshakeException - unable to find valid certification path to requested target

在服务器上找到对应的jssecacerts文件或cacerts, 一般在 <jre home>/lib/security 目录下, 在本地执行以下代码, 将cert添加到文件里,

再用新产生的jssecacerts放回覆盖旧文件(建议先备份)

package com.rockbb.test;

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert

{

	public static void main(String[] args) throws Exception

	{

		args = new String[]{"api.weixin.qq.com"};

		String host;

		int port;

		char[] passphrase;

		if ((args.length == 1) || (args.length == 2))

		{

			String[] c = args[0].split(":");

			host = c[0];

			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

			String p = (args.length == 1) ? "changeit" : args[1];

			passphrase = p.toCharArray();

		}

		else

		{

			System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

			return;

		}

		File file = new File("jssecacerts");

		if (file.isFile() == false)

		{

			char SEP = File.separatorChar;

			File dir = new File("E:\\temp\\");

			file = new File(dir, "jssecacerts");

			if (file.isFile() == false)

			{

				file = new File(dir, "cacerts");

			}

		}

		System.out.println("Loading KeyStore " + file + "...");

		InputStream in = new FileInputStream(file);

		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

		ks.load(in, passphrase);

		in.close();

		SSLContext context = SSLContext.getInstance("TLS");

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		tmf.init(ks);

		X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

		context.init(null, new TrustManager[] { tm }, null);

		SSLSocketFactory factory = context.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + "...");

		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

		socket.setSoTimeout(10000);

		try

		{

			System.out.println("Starting SSL handshake...");

			socket.startHandshake();

			socket.close();

			System.out.println();

			System.out.println("No errors, certificate is already trusted");

		}

		catch (SSLException e)

		{

			System.out.println();

			e.printStackTrace(System.out);

		}

		X509Certificate[] chain = tm.chain;

		if (chain == null)

		{

			System.out.println("Could not obtain server certificate chain");

			return;

		}

		BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

		System.out.println();

		System.out.println("Server sent " + chain.length + " certificate(s):");

		System.out.println();

		MessageDigest sha1 = MessageDigest.getInstance("SHA1");

		MessageDigest md5 = MessageDigest.getInstance("MD5");

		for (int i = 0; i < chain.length; i++)

		{

			X509Certificate cert = chain[i];

			System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

			System.out.println("   Issuer  " + cert.getIssuerDN());

			sha1.update(cert.getEncoded());

			System.out.println("   sha1    " + toHexString(sha1.digest()));

			md5.update(cert.getEncoded());

			System.out.println("   md5     " + toHexString(md5.digest()));

			System.out.println();

		}

		System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

		String line = reader.readLine().trim();

		int k;

		try

		{

			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

		}

		catch (NumberFormatException e)

		{

			System.out.println("KeyStore not changed");

			return;

		}

		X509Certificate cert = chain[k];

		String alias = host + "-" + (k + 1);

		ks.setCertificateEntry(alias, cert);

		OutputStream out = new FileOutputStream("jssecacerts");

		ks.store(out, passphrase);

		out.close();

		System.out.println();

		System.out.println(cert);

		System.out.println();

		System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

	}

	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

	private static String toHexString(byte[] bytes)

	{

		StringBuilder sb = new StringBuilder(bytes.length * 3);

		for (int b : bytes)

		{

			b &= 0xff;

			sb.append(HEXDIGITS[b >> 4]);

			sb.append(HEXDIGITS[b & 15]);

			sb.append(' ');

		}

		return sb.toString();

	}

	private static class SavingTrustManager implements X509TrustManager

	{

		private final X509TrustManager tm;

		private X509Certificate[] chain;

		SavingTrustManager(X509TrustManager tm)

		{

			this.tm = tm;

		}

		public X509Certificate[] getAcceptedIssuers()

		{

			throw new UnsupportedOperationException();

		}

		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			throw new UnsupportedOperationException();

		}

		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			this.chain = chain;

			tm.checkServerTrusted(chain, authType);

		}

	}

}

Java手动添加SSL证书的更多相关文章

  1. Centos7.4下用Docker-Compose部署WordPress(续)-服务器端用Nginx作为反向代理并添加SSL证书(阿里云免费DV证书)

    前言 在我写完Centos7.4下用Docker-Compose部署WordPress这篇文章后,我的个人博客已经正式的开始运作.但考虑到网站访问的安全性以及今后可能会重复利用服务器来部署其他网站的可 ...

  2. CentOS6.5 下在Nginx中添加SSL证书以支持HTTPS协议访问

    参考文献: 1. NginxV1.8.0安装与配置 2. CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问 3. nginx配置ssl证书的方法 4.nginx强制使用https访问 ...

  3. 如何给网站添加SSL证书(免费)

    上篇讲了如何将网站部署到服务器上,这篇就讲如何给网站添加SSL证书. 1.先到腾讯云ssl证书认证那里申请一个证书 2.DNS认证 3.下载解压nginx里面的文件 4. 在服务器上/www目录下创建 ...

  4. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  5. 添加ssl证书

    ssl证书会使你的网站更加安全,防止isp在你的网站显示时添加广告,浏览网页时地址栏左边有一个绿色安全的图标,使用户感觉更加安全放心. 颁发ssl证书的机构很多,有收费的,也有免费的.当然对于自己的小 ...

  6. tomcat 添加 ssl 证书

    1. 将证书提供方给的证书(server.crt)及密钥文件(server.key)上传到服务器 tomcat 的 conf 目录 2. 在tomcat conf 目录下执行如下命令 (1) 生成P1 ...

  7. nginx添加ssl证书

    ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl 这个为全部配置, 需要替换你自己的域名,配置中强制https了 server ...

  8. 给php添加ssl证书

    composer下载时报错: The "https://packagist.org/packages.json" file could not be downloaded: SSL ...

  9. CentOS6.5 下在Nginx中添加SSL证书

    原文:https://www.cnblogs.com/wuling129/p/5039978.html 证书过期 ,更新证书,记录下 一.安装相关支持库:(未实践) yum -y install gc ...

随机推荐

  1. App开发流程之右滑返回手势功能

    iOS7以后,导航控制器,自带了从屏幕左边缘右滑返回的手势功能. 但是,如果自定义了导航栏返回按钮,这项功能就失效了,需要自行实现.又如果需要修改手势触发范围,还是需要自行实现. 广泛应用的一种实现方 ...

  2. 【代码笔记】iOS-点击出现选择框

    一,效果图. 二,工程图. 三,代码. RootViewController.h #import <UIKit/UIKit.h> @interface RootViewController ...

  3. 记一次eclipse无法启动的排查过程

    起因是本地为开发工程打包,总是提示 source 1.3 不支持注释.enum等等,但询问开发开发表示自己本地打包正常. 于是排查版本问题.开发的jdk是1.6版本,自己的是1.7,于是想要不降级吧, ...

  4. 在VC环境下执行代码出现错误

    这是在执行代码过程中出现的错误,源代码在别的电脑上能运行,在自己的VC里运行就出现错误,在网上也搜过解决办法,但还是有点不太理解,是编程环境的问题h还是代码本身也存在问题???

  5. Visual Studio 开发平台的安装与单元测试

    一.安装VS2013 1.运行安装文件夹中的.exe文件,选择好安装路径与所需功能后开始安装 2.安装后第一次打开,需要一段时间 3.安装成功后,要打开VS2013,在工具栏中找到帮助选项卡,点击注册 ...

  6. oracle的性能优化

    (1)      选择最有效率的表名顺序(只在基于规则的优化器中有效):ORACLE的解析器按照从右到左的顺序处理FROM子句中的表名,FROM子句中写在最后的表(基础表 driving table) ...

  7. laravel excel迁移到lumen

    1.简介 Laravel Excel 在 Laravel 5 中集成 PHPOffice 套件中的 PHPExcel ,从而方便我们以优雅的.富有表现力的代码实现Excel/CSV文件的导入和 导出  ...

  8. ORA-01501: CREATE DATABASE failed

    使用dbca建库时遇到ORA-01501: CREATE DATABASE failed这个错误,检查告警日志,发现有下面错误信息: SMON: enabling tx recovery Fri Ap ...

  9. 开启Tomcat 源码调试

    开启Tomcat 源码调试 因为工作的原因,需要了解Tomcat整个架构是如何设计的,正如要使用Spring MVC进行Web开发,需要了解Spring是如何设计的一样,有哪些主要的类,分别是用于干什 ...

  10. 遍历map的常用方法

    Map< String, String> map = new HashMap<String, String>();  map.put("a", " ...