出现错误为 SSLHandshakeException - unable to find valid certification path to requested target

在服务器上找到对应的jssecacerts文件或cacerts, 一般在 <jre home>/lib/security 目录下, 在本地执行以下代码, 将cert添加到文件里,

再用新产生的jssecacerts放回覆盖旧文件(建议先备份)

package com.rockbb.test;

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert

{

	public static void main(String[] args) throws Exception

	{

		args = new String[]{"api.weixin.qq.com"};

		String host;

		int port;

		char[] passphrase;

		if ((args.length == 1) || (args.length == 2))

		{

			String[] c = args[0].split(":");

			host = c[0];

			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

			String p = (args.length == 1) ? "changeit" : args[1];

			passphrase = p.toCharArray();

		}

		else

		{

			System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

			return;

		}

		File file = new File("jssecacerts");

		if (file.isFile() == false)

		{

			char SEP = File.separatorChar;

			File dir = new File("E:\\temp\\");

			file = new File(dir, "jssecacerts");

			if (file.isFile() == false)

			{

				file = new File(dir, "cacerts");

			}

		}

		System.out.println("Loading KeyStore " + file + "...");

		InputStream in = new FileInputStream(file);

		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

		ks.load(in, passphrase);

		in.close();

		SSLContext context = SSLContext.getInstance("TLS");

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		tmf.init(ks);

		X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

		context.init(null, new TrustManager[] { tm }, null);

		SSLSocketFactory factory = context.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + "...");

		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

		socket.setSoTimeout(10000);

		try

		{

			System.out.println("Starting SSL handshake...");

			socket.startHandshake();

			socket.close();

			System.out.println();

			System.out.println("No errors, certificate is already trusted");

		}

		catch (SSLException e)

		{

			System.out.println();

			e.printStackTrace(System.out);

		}

		X509Certificate[] chain = tm.chain;

		if (chain == null)

		{

			System.out.println("Could not obtain server certificate chain");

			return;

		}

		BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

		System.out.println();

		System.out.println("Server sent " + chain.length + " certificate(s):");

		System.out.println();

		MessageDigest sha1 = MessageDigest.getInstance("SHA1");

		MessageDigest md5 = MessageDigest.getInstance("MD5");

		for (int i = 0; i < chain.length; i++)

		{

			X509Certificate cert = chain[i];

			System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

			System.out.println("   Issuer  " + cert.getIssuerDN());

			sha1.update(cert.getEncoded());

			System.out.println("   sha1    " + toHexString(sha1.digest()));

			md5.update(cert.getEncoded());

			System.out.println("   md5     " + toHexString(md5.digest()));

			System.out.println();

		}

		System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

		String line = reader.readLine().trim();

		int k;

		try

		{

			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

		}

		catch (NumberFormatException e)

		{

			System.out.println("KeyStore not changed");

			return;

		}

		X509Certificate cert = chain[k];

		String alias = host + "-" + (k + 1);

		ks.setCertificateEntry(alias, cert);

		OutputStream out = new FileOutputStream("jssecacerts");

		ks.store(out, passphrase);

		out.close();

		System.out.println();

		System.out.println(cert);

		System.out.println();

		System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

	}

	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

	private static String toHexString(byte[] bytes)

	{

		StringBuilder sb = new StringBuilder(bytes.length * 3);

		for (int b : bytes)

		{

			b &= 0xff;

			sb.append(HEXDIGITS[b >> 4]);

			sb.append(HEXDIGITS[b & 15]);

			sb.append(' ');

		}

		return sb.toString();

	}

	private static class SavingTrustManager implements X509TrustManager

	{

		private final X509TrustManager tm;

		private X509Certificate[] chain;

		SavingTrustManager(X509TrustManager tm)

		{

			this.tm = tm;

		}

		public X509Certificate[] getAcceptedIssuers()

		{

			throw new UnsupportedOperationException();

		}

		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			throw new UnsupportedOperationException();

		}

		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			this.chain = chain;

			tm.checkServerTrusted(chain, authType);

		}

	}

}

Java手动添加SSL证书的更多相关文章

  1. Centos7.4下用Docker-Compose部署WordPress(续)-服务器端用Nginx作为反向代理并添加SSL证书(阿里云免费DV证书)

    前言 在我写完Centos7.4下用Docker-Compose部署WordPress这篇文章后,我的个人博客已经正式的开始运作.但考虑到网站访问的安全性以及今后可能会重复利用服务器来部署其他网站的可 ...

  2. CentOS6.5 下在Nginx中添加SSL证书以支持HTTPS协议访问

    参考文献: 1. NginxV1.8.0安装与配置 2. CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问 3. nginx配置ssl证书的方法 4.nginx强制使用https访问 ...

  3. 如何给网站添加SSL证书(免费)

    上篇讲了如何将网站部署到服务器上,这篇就讲如何给网站添加SSL证书. 1.先到腾讯云ssl证书认证那里申请一个证书 2.DNS认证 3.下载解压nginx里面的文件 4. 在服务器上/www目录下创建 ...

  4. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  5. 添加ssl证书

    ssl证书会使你的网站更加安全,防止isp在你的网站显示时添加广告,浏览网页时地址栏左边有一个绿色安全的图标,使用户感觉更加安全放心. 颁发ssl证书的机构很多,有收费的,也有免费的.当然对于自己的小 ...

  6. tomcat 添加 ssl 证书

    1. 将证书提供方给的证书(server.crt)及密钥文件(server.key)上传到服务器 tomcat 的 conf 目录 2. 在tomcat conf 目录下执行如下命令 (1) 生成P1 ...

  7. nginx添加ssl证书

    ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl 这个为全部配置, 需要替换你自己的域名,配置中强制https了 server ...

  8. 给php添加ssl证书

    composer下载时报错: The "https://packagist.org/packages.json" file could not be downloaded: SSL ...

  9. CentOS6.5 下在Nginx中添加SSL证书

    原文:https://www.cnblogs.com/wuling129/p/5039978.html 证书过期 ,更新证书,记录下 一.安装相关支持库:(未实践) yum -y install gc ...

随机推荐

  1. Photo Shop 设置

    1. 编辑 > 首选项 > 单位与标尺 2. 面板 在『窗口』 菜单下开启: 工具 选项 信息(F8) 图层(F7) 历史记录 可以将设置好的面板保存下来,这样下次别人弄乱了你的面板后,你 ...

  2. MVC中使用SignaIR入门教程

    一.前言:每次写总要说一点最近的感想 进入工作快半年了,昨天是最郁闷的一天,我怀疑我是不是得了"星期一综合征",每个星期一很没有状态.全身都有点酸痛,这个可能一个星期只有周末才打一 ...

  3. WPF学习之路(五) 实例:写字板

    写字板实例一 MainWindow.xaml <Window x:Class="Wordpad01.MainWindow" xmlns="http://schema ...

  4. Nodejs之MEAN栈开发(九)---- 用户评论的增加/删除/修改

    由于工作中做实时通信的项目,需要用到Nodejs做通讯转接功能,刚开始接触,很多都不懂,于是我和同事就准备去学习nodejs,结合nodejs之MEAN栈实战书籍<Getting.MEAN.wi ...

  5. EasyUi 改变 selelct 的 下拉内容 div 的高度

    直接上 效果图: 修改之后的  滚动条高度: 代码:  源代码下载

  6. java中equals和"=="的区别

    "=="号,它比较的是一个对象在内存中的地址值, 比如2个字符串对象String s1 = new String("str");String s2 = new ...

  7. 0012 win7x64安装CentOS7

    00 准备工作 到VirtualBox官网下载Oracle VM VirtualBox 5.1.8:https://www.virtualbox.org/wiki/Downloads 到centos官 ...

  8. MongoDB学习——基础入门

    MongoDB--基础入门 MongoDB是目前比较流行的一种非关系型数据库(NoSql),他的优势这里不废话,我们关注怎么使用它. 安装 下载,首先肯定要去下载,我们去官网下载,在国内,可能没FQ可 ...

  9. 搭建持续集成接口测试平台(Jenkins+Ant+Jmeter)

    一.环境准备: 1.JDK:http://www.oracle.com/technetwork/java/javase/downloads/index.html 2.Jmeter:http://jme ...

  10. Ineedle驱动方式dpdk测试性能

    这次主要是测试在dpdk方案下,ineedle的处理包的性能. 发包工具: 使用立永当时写的一个发包工具:linux_pcap 做法:大概是从网上抓取了一些数据包,将源ip替换为随即ip,sip替换为 ...