Fixing the "PKIX path building failed" error in CAS single sign-on
During a debugging session, this error came up:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The full error output is as follows:
严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)
at java.lang.Thread.run(Thread.java:)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)
at sun.security.validator.Validator.validate(Validator.java:)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
... more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
... more
十二月 , :: 下午 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet [jsp] in context with path [] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)
at java.lang.Thread.run(Thread.java:)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)
... more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)
at sun.security.validator.Validator.validate(Validator.java:)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)
... more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)
... more
The error was eventually traced to this method:
    protected final String retrieveResponseFromServer(final URL validationUrl,
            final String ticket) {
        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) validationUrl.openConnection();
            // For an https URL the TLS handshake (and the PKIX check) runs inside getInputStream()
            final BufferedReader in = new BufferedReader(new InputStreamReader(
                    connection.getInputStream()));
            String line;
            final StringBuffer stringBuffer = new StringBuffer(255);
            synchronized (stringBuffer) {
                while ((line = in.readLine()) != null) {
                    stringBuffer.append(line);
                    stringBuffer.append("\n");
                }
                return stringBuffer.toString();
            }
        } catch (final IOException e) {
            log.error(e, e);
            return null;
        } catch (final Exception e1) {
            log.error(e1, e1);
            return null;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }
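After a long search online, the answer was that the certificate is the problem: the server does not trust the certificate we created ourselves, so the code has to ignore the certificate trust check. It is enough to call two methods before creating the connection:
    trustAllHttpsCertificates();
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
The implementation is: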
    // Accepts every host name: the certificate subject is never compared with the URL host
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                    + session.getPeerHost());
            return true;
        }
    };

    // Installs the trust-all manager as the default for every HttpsURLConnection in the JVM
    private static void trustAllHttpsCertificates() throws Exception {
        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
        javax.net.ssl.TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext
                .getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
                .getSocketFactory());
    }

    // Trust manager whose check methods never throw, so any certificate chain is accepted
    static class miTM implements javax.net.ssl.TrustManager,
            javax.net.ssl.X509TrustManager {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The interface contract requires a non-null (possibly empty) array
            return new java.security.cert.X509Certificate[0];
        }

        public boolean isServerTrusted(
                java.security.cert.X509Certificate[] certs) {
            return true;
        }

        public boolean isClientTrusted(
                java.security.cert.X509Certificate[] certs) {
            return true;
        }

        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            return;
        }

        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            return;
        }
    }
Attachment: AbstractCasProtocolUrlBasedTicketValidator
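The two calls above turn off certificate and host name checking for every HttpsURLConnection in the JVM, so the ticket-validation response is no longer authenticated. An alternative that keeps validation, as an added example (not code from the original post or from the CAS client): trust only the CAS server's own certificate, and only on this one connection. The class name, trust-store path and password parameters are hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper; trustStorePath holds only the CAS server (or its CA) certificate. */
public final class PinnedCasClient {
    private final SSLSocketFactory socketFactory;

    public PinnedCasClient(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        this.socketFactory = ctx.getSocketFactory();
    }

    /** Same job as retrieveResponseFromServer; validationUrl must be an https URL. */
    public String retrieveResponse(URL validationUrl) throws IOException {
        HttpsURLConnection connection = (HttpsURLConnection) validationUrl.openConnection();
        connection.setSSLSocketFactory(socketFactory); // this connection only, not the JVM default
        StringBuilder response = new StringBuilder(255);
        try (BufferedReader in = new BufferedReader(new InputStreamReader(
                connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = in.readLine()) != null) {
                response.append(line).append('\n');
            }
            return response.toString();
        } finally {
            connection.disconnect();
        }
    }
}
```

The trust store can be created once with keytool -importcert from the CAS server's exported certificate. The certificate's SAN or CN must match the host name in the CAS server URL, because the default HostnameVerifier stays active.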