出现错误为 SSLHandshakeException - unable to find valid certification path to requested target

在服务器上找到对应的jssecacerts文件或cacerts, 一般在 <jre home>/lib/security 目录下, 在本地执行以下代码, 将cert添加到文件里,

再用新产生的jssecacerts放回覆盖旧文件(建议先备份)

package com.rockbb.test;

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert

{

	public static void main(String[] args) throws Exception

	{

		args = new String[]{"api.weixin.qq.com"};

		String host;

		int port;

		char[] passphrase;

		if ((args.length == 1) || (args.length == 2))

		{

			String[] c = args[0].split(":");

			host = c[0];

			port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

			String p = (args.length == 1) ? "changeit" : args[1];

			passphrase = p.toCharArray();

		}

		else

		{

			System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

			return;

		}

		File file = new File("jssecacerts");

		if (file.isFile() == false)

		{

			char SEP = File.separatorChar;

			File dir = new File("E:\\temp\\");

			file = new File(dir, "jssecacerts");

			if (file.isFile() == false)

			{

				file = new File(dir, "cacerts");

			}

		}

		System.out.println("Loading KeyStore " + file + "...");

		InputStream in = new FileInputStream(file);

		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

		ks.load(in, passphrase);

		in.close();

		SSLContext context = SSLContext.getInstance("TLS");

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		tmf.init(ks);

		X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

		SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

		context.init(null, new TrustManager[] { tm }, null);

		SSLSocketFactory factory = context.getSocketFactory();

		System.out.println("Opening connection to " + host + ":" + port + "...");

		SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

		socket.setSoTimeout(10000);

		try

		{

			System.out.println("Starting SSL handshake...");

			socket.startHandshake();

			socket.close();

			System.out.println();

			System.out.println("No errors, certificate is already trusted");

		}

		catch (SSLException e)

		{

			System.out.println();

			e.printStackTrace(System.out);

		}

		X509Certificate[] chain = tm.chain;

		if (chain == null)

		{

			System.out.println("Could not obtain server certificate chain");

			return;

		}

		BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

		System.out.println();

		System.out.println("Server sent " + chain.length + " certificate(s):");

		System.out.println();

		MessageDigest sha1 = MessageDigest.getInstance("SHA1");

		MessageDigest md5 = MessageDigest.getInstance("MD5");

		for (int i = 0; i < chain.length; i++)

		{

			X509Certificate cert = chain[i];

			System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());

			System.out.println("   Issuer  " + cert.getIssuerDN());

			sha1.update(cert.getEncoded());

			System.out.println("   sha1    " + toHexString(sha1.digest()));

			md5.update(cert.getEncoded());

			System.out.println("   md5     " + toHexString(md5.digest()));

			System.out.println();

		}

		System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

		String line = reader.readLine().trim();

		int k;

		try

		{

			k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

		}

		catch (NumberFormatException e)

		{

			System.out.println("KeyStore not changed");

			return;

		}

		X509Certificate cert = chain[k];

		String alias = host + "-" + (k + 1);

		ks.setCertificateEntry(alias, cert);

		OutputStream out = new FileOutputStream("jssecacerts");

		ks.store(out, passphrase);

		out.close();

		System.out.println();

		System.out.println(cert);

		System.out.println();

		System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");

	}

	private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

	private static String toHexString(byte[] bytes)

	{

		StringBuilder sb = new StringBuilder(bytes.length * 3);

		for (int b : bytes)

		{

			b &= 0xff;

			sb.append(HEXDIGITS[b >> 4]);

			sb.append(HEXDIGITS[b & 15]);

			sb.append(' ');

		}

		return sb.toString();

	}

	private static class SavingTrustManager implements X509TrustManager

	{

		private final X509TrustManager tm;

		private X509Certificate[] chain;

		SavingTrustManager(X509TrustManager tm)

		{

			this.tm = tm;

		}

		public X509Certificate[] getAcceptedIssuers()

		{

			throw new UnsupportedOperationException();

		}

		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			throw new UnsupportedOperationException();

		}

		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

		{

			this.chain = chain;

			tm.checkServerTrusted(chain, authType);

		}

	}

}

Java手动添加SSL证书的更多相关文章

  1. Centos7.4下用Docker-Compose部署WordPress(续)-服务器端用Nginx作为反向代理并添加SSL证书(阿里云免费DV证书)

    前言 在我写完Centos7.4下用Docker-Compose部署WordPress这篇文章后,我的个人博客已经正式的开始运作.但考虑到网站访问的安全性以及今后可能会重复利用服务器来部署其他网站的可 ...

  2. CentOS6.5 下在Nginx中添加SSL证书以支持HTTPS协议访问

    参考文献: 1. NginxV1.8.0安装与配置 2. CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问 3. nginx配置ssl证书的方法 4.nginx强制使用https访问 ...

  3. 如何给网站添加SSL证书(免费)

    上篇讲了如何将网站部署到服务器上,这篇就讲如何给网站添加SSL证书. 1.先到腾讯云ssl证书认证那里申请一个证书 2.DNS认证 3.下载解压nginx里面的文件 4. 在服务器上/www目录下创建 ...

  4. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  5. 添加ssl证书

    ssl证书会使你的网站更加安全,防止isp在你的网站显示时添加广告,浏览网页时地址栏左边有一个绿色安全的图标,使用户感觉更加安全放心. 颁发ssl证书的机构很多,有收费的,也有免费的.当然对于自己的小 ...

  6. tomcat 添加 ssl 证书

    1. 将证书提供方给的证书(server.crt)及密钥文件(server.key)上传到服务器 tomcat 的 conf 目录 2. 在tomcat conf 目录下执行如下命令 (1) 生成P1 ...

  7. nginx添加ssl证书

    ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl 这个为全部配置, 需要替换你自己的域名,配置中强制https了 server ...

  8. 给php添加ssl证书

    composer下载时报错: The "https://packagist.org/packages.json" file could not be downloaded: SSL ...

  9. CentOS6.5 下在Nginx中添加SSL证书

    原文:https://www.cnblogs.com/wuling129/p/5039978.html 证书过期 ,更新证书,记录下 一.安装相关支持库:(未实践) yum -y install gc ...

随机推荐

  1. 安卓开发NDK环境搭建

    第一步preferences - android - NDK 第二步 输入ndk文件所在目录 第三步 创建文件名(右击项目,阿 androidtool - add native sppuort)

  2. 原 ng-include用法分析以及多标签页面的简单实现方式

    Demo:http://webenh.chinacloudsites.cn/Default/Demo2 在平时的项目开发中,应该会经常遇到上图所示的需求,就是在一个页面中有多个标签,被选中的标签颜色会 ...

  3. input 默认值为灰色,输入时清楚默认值

    input 默认值为灰色,输入时清楚默认值 <input value="please input your name" onFocus="if(value==def ...

  4. 烂泥:nginx负载均衡

    本文由秀依林枫提供友情赞助,首发于烂泥行天下. 今天我们来学习下有关nginx的负载均衡配置.nginx的负载均衡是通过nginx的upstream模块和proxy_pass反向代理来实现的. 说明: ...

  5. Makefile内嵌函数

    subst字符串替换函数 $(subst <from>, <to>, <text>),把<text>中的<from>字符串替换成<to ...

  6. 使用 jsoup 解析HTML

    // 参考资料: // http://www.jb51.net/article/43485.htm @Test public void AnalysisHTMLByString() { String ...

  7. ELF Format 笔记(五)—— 特殊 Section

    ilocker:关注 Android 安全(新入行,0基础) QQ: 2597294287 链接器把一些独立的 object files 和库文件链接起来,形成可执行文件.在这个过程中,链接器需要解决 ...

  8. 通过SecureCRT访问亚马逊Amazon EC2主机

    亚马逊推出了免费的云主机服务器 Amazon EC2,它是通过安全密钥来访问主机的. 问题是下载的密钥在SecureCRT 上无法直接使用,需要转换. 下面的方法可以在自己的linux主机上生成sec ...

  9. 理解 OpenStack Swift (3):监控和一些影响性能的因素 [Monitoring and Performance]

    本系列文章着重学习和研究OpenStack Swift,包括环境搭建.原理.架构.监控和性能等. (1)OpenStack + 三节点Swift 集群+ HAProxy + UCARP 安装和配置 ( ...

  10. [书目20160526]Brain Rules 让大脑自由:释放天赋的12条定律

    推荐序1 12条定律,让大脑更聪明推荐序2 走过迷雾地带前  言 人人都有一个不可思议的大脑 定律1:越运动,大脑越聪明 信不信,“驴友”比“沙发土豆”更聪明! 老板,请把办公室的咖啡机换成跑步机! ...