在一次调试中,出现了这个错误:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

详细报错信息如下:

严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

十二月 ,  :: 下午 org.apache.catalina.core.StandardWrapperValve invoke

严重: Servlet.service() for servlet [jsp] in context with path [] threw exception

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    ...  more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

这个错误最终定位在这个方法:

protected final String retrieveResponseFromServer(final URL validationUrl,

            final String ticket) {

        HttpURLConnection connection = null;

        try {

            connection = (HttpURLConnection) validationUrl.openConnection();

            final BufferedReader in = new BufferedReader(new InputStreamReader(

                    connection.getInputStream()));

            String line;

            final StringBuffer stringBuffer = new StringBuffer(255);

            synchronized (stringBuffer) {

                while ((line = in.readLine()) != null) {

                    stringBuffer.append(line);

                    stringBuffer.append("\n");

                }

                return stringBuffer.toString();

            }

        } catch (final IOException e) {

            log.error(e, e);

            return null;

        } catch (final Exception e1){

            log.error(e1, e1);

            return null;

        }finally {

            if (connection != null) {

                connection.disconnect();

            }

        }

    }

后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法:

trustAllHttpsCertificates();

HttpsURLConnection.setDefaultHostnameVerifier(hv);

具体的实现是:

HostnameVerifier hv = new HostnameVerifier() {

        public boolean verify(String urlHostName, SSLSession session) {

            System.out.println("Warning: URL Host: " + urlHostName + " vs. "

                               + session.getPeerHost());

            return true;

        }

    };

    private static void trustAllHttpsCertificates() throws Exception {

        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];

        javax.net.ssl.TrustManager tm = new miTM();

        trustAllCerts[0] = tm;

        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext

                .getInstance("SSL");

        sc.init(null, trustAllCerts, null);

        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc

                .getSocketFactory());

    }

    static class miTM implements javax.net.ssl.TrustManager,

            javax.net.ssl.X509TrustManager {

        public java.security.cert.X509Certificate[] getAcceptedIssuers() {

            return null;

        }

        public boolean isServerTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public boolean isClientTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public void checkServerTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

        public void checkClientTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

    }

附件:AbstractCasProtocolUrlBasedTicketValidator

解决CAS单点登录出现PKIX path building failed的问题的更多相关文章

  1. 解决 sun.security.validator.ValidatorException: PKIX path building failed

    今天用java HttpClients写爬虫在访问某Https站点报如下错误: sun.security.validator.ValidatorException: PKIX path buildin ...

  2. CAS 5.x搭建常见问题系列(2).PKIX path building failed

    错误原因 服务端的证书是不安全的,Cas的客户端在调用时因为安全提醒造成调用失败. CAS的客户端需要导入服务端的证书后,就正常了. 具体操作步骤如下: 1. 首先启动tomcat,看下之前搭建的ca ...

  3. 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...

  4. 解决java使用https协议请求出现证书不信任问题(PKIX path building failed)

    解决https请求时出现pkix path building fail错误 方法 将submail.cer 安全证书导入到java中的cacerts证书库 (sumail是我从https://api. ...

  5. 解决PKIX(PKIX path building failed) 问题 unable to find valid certification path to requested target

    最近在写java的一个服务,需要给远程服务器发送post请求,认证方式为Basic Authentication,在请求过程中出现了 PKIX path building failed: sun.se ...

  6. 抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法

    抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法 原因是https证书问题, ...

  7. 解决PKIX path building failed

    起因 上周在生产环境部署时,把安全证书加到k8s-ingress中时发现报该错误 解决 找网上解决方案,因为这种问题相对比较少见,也没百度,直接谷歌,找到解决方案如下:https://stackove ...

  8. 解决PKIX path building failed的问题

    Java在请求某些不受信任的https网站时会报:PKIX path building failed 解决方法一:使用keytool手动导入证书,为JRE环境导入信任证书 参考:http://www. ...

  9. 从头解决PKIX path building failed

    从头解决PKIX path building failed的问题 本篇涉及到PKIX path building failed的原因和解决办法(包括暂时解决和长效解决的方法),也包括HTTP和HTTP ...

随机推荐

  1. 一个项目覆盖CS所有课程的可行性探究

    我们先看计算机科学有哪些子领域. 学术领域有: 计算理论 信息和编码理论 算法和数据结构 形式化方法 程序设计语言 实践领域有: 计算机体系结构 并行计算和分布式系统 实时系统和嵌入式系统 操作系统 ...

  2. 将商品SKU数据按商品分组,组装成json数据

    需要封装的数据   将这些数据,分组出来,OLGoodsID相同的为一组,然后每个组的OLSKUID,放在一个字段里,变成 [{"OLGoodID":"test06261 ...

  3. JAVA长连接demo

    http://blog.csdn.net/caomiao2006/article/details/38830475 JAVA长连接demo 2014-08-25 23:20 4767人阅读 评论(2) ...

  4. 总结Qt中经常出现的一些问题

    1.Qt中用高版本打开低版本的工程 编译时出现错误 : C1189: #error :  "This file was generated using the moc from 4.7.0. ...

  5. Find Minimum in Rotated Sorted Array问题的困惑

    今天做了两题,第二题没解出来,发现太麻烦了,放弃了……明天脑子清楚的时候再做. 第一题就是标题中的这个问题.在一个旋转排序数组中找出最小的值. 针对该问题出了两道不同要求的题目,分别是不考虑重复元素的 ...

  6. leetcode处女作

    闲来无事[真的吗?你确定→_→ 在leetcode上刷了一道题.费时一小时,也是醉了.谨以此文,纪念我的伟大成果.[呵呵 题目是找出非排序数组中缺少的最小正整数.要求时间复杂度O(n),空间复杂度为常 ...

  7. C#&JQuery非缓存式无刷新临时存储数据之仿购物车功能

    感谢广大博问博友的帮助和共同研究讨论,终于实现了一个无缓存无刷新仿购物车的小功能: 一.实现效果简述: 有一种列表,是由双层Repeater嵌套,第一层用来显示类别,第二层用来显示类别下的商品数据, ...

  8. ios 相册相关

    1.ALAssetsLibrary 系统中的资源库,可以使用他来访问资源库中的资源,照片.视屏等.     [ALAssetsLibrary authorizationStatus];获取当前应用能否 ...

  9. 不一样的编码风格--Lambda表达式

    Lambda表达式也是C#3.0中最重要的特性之一. 1.Lambda表达式的简介 Lambda表达式可以理解为一个匿名方法,它可以包含表达式和语句,并且用于创建委托或转换为表达式树.在使用Lambd ...

  10. 互联网金融爬虫怎么写-第一课 p2p网贷爬虫(XPath入门)

    版权声明:本文为博主原创文章,未经博主允许不得转载. 相关教程: 手把手教你写电商爬虫-第一课 找个软柿子捏捏 手把手教你写电商爬虫-第二课 实战尚妆网分页商品采集爬虫 手把手教你写电商爬虫-第三课 ...