在一次调试中,出现了这个错误:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

详细报错信息如下:

严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

十二月 ,  :: 下午 org.apache.catalina.core.StandardWrapperValve invoke

严重: Servlet.service() for servlet [jsp] in context with path [] threw exception

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    ...  more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

这个错误最终定位在这个方法:

protected final String retrieveResponseFromServer(final URL validationUrl,

            final String ticket) {

        HttpURLConnection connection = null;

        try {

            connection = (HttpURLConnection) validationUrl.openConnection();

            final BufferedReader in = new BufferedReader(new InputStreamReader(

                    connection.getInputStream()));

            String line;

            final StringBuffer stringBuffer = new StringBuffer(255);

            synchronized (stringBuffer) {

                while ((line = in.readLine()) != null) {

                    stringBuffer.append(line);

                    stringBuffer.append("\n");

                }

                return stringBuffer.toString();

            }

        } catch (final IOException e) {

            log.error(e, e);

            return null;

        } catch (final Exception e1){

            log.error(e1, e1);

            return null;

        }finally {

            if (connection != null) {

                connection.disconnect();

            }

        }

    }

后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法:

trustAllHttpsCertificates();

HttpsURLConnection.setDefaultHostnameVerifier(hv);

具体的实现是:

HostnameVerifier hv = new HostnameVerifier() {

        public boolean verify(String urlHostName, SSLSession session) {

            System.out.println("Warning: URL Host: " + urlHostName + " vs. "

                               + session.getPeerHost());

            return true;

        }

    };

    private static void trustAllHttpsCertificates() throws Exception {

        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];

        javax.net.ssl.TrustManager tm = new miTM();

        trustAllCerts[0] = tm;

        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext

                .getInstance("SSL");

        sc.init(null, trustAllCerts, null);

        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc

                .getSocketFactory());

    }

    static class miTM implements javax.net.ssl.TrustManager,

            javax.net.ssl.X509TrustManager {

        public java.security.cert.X509Certificate[] getAcceptedIssuers() {

            return null;

        }

        public boolean isServerTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public boolean isClientTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public void checkServerTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

        public void checkClientTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

    }

附件:AbstractCasProtocolUrlBasedTicketValidator

解决CAS单点登录出现PKIX path building failed的问题的更多相关文章

  1. 解决 sun.security.validator.ValidatorException: PKIX path building failed

    今天用java HttpClients写爬虫在访问某Https站点报如下错误: sun.security.validator.ValidatorException: PKIX path buildin ...

  2. CAS 5.x搭建常见问题系列(2).PKIX path building failed

    错误原因 服务端的证书是不安全的,Cas的客户端在调用时因为安全提醒造成调用失败. CAS的客户端需要导入服务端的证书后,就正常了. 具体操作步骤如下: 1. 首先启动tomcat,看下之前搭建的ca ...

  3. 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...

  4. 解决java使用https协议请求出现证书不信任问题(PKIX path building failed)

    解决https请求时出现pkix path building fail错误 方法 将submail.cer 安全证书导入到java中的cacerts证书库 (sumail是我从https://api. ...

  5. 解决PKIX(PKIX path building failed) 问题 unable to find valid certification path to requested target

    最近在写java的一个服务,需要给远程服务器发送post请求,认证方式为Basic Authentication,在请求过程中出现了 PKIX path building failed: sun.se ...

  6. 抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法

    抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法 原因是https证书问题, ...

  7. 解决PKIX path building failed

    起因 上周在生产环境部署时,把安全证书加到k8s-ingress中时发现报该错误 解决 找网上解决方案,因为这种问题相对比较少见,也没百度,直接谷歌,找到解决方案如下:https://stackove ...

  8. 解决PKIX path building failed的问题

    Java在请求某些不受信任的https网站时会报:PKIX path building failed 解决方法一:使用keytool手动导入证书,为JRE环境导入信任证书 参考:http://www. ...

  9. 从头解决PKIX path building failed

    从头解决PKIX path building failed的问题 本篇涉及到PKIX path building failed的原因和解决办法(包括暂时解决和长效解决的方法),也包括HTTP和HTTP ...

随机推荐

  1. 安卓SQLite数据库操作,半小时开发新闻管理系统,纯干货

    本教程致力于可以快速的学习安卓软件开发,希望能通过一系列自己手写的教程,帮助正在学习或想要学习安卓开发的同仁. 本教程由今日头条-全栈攻城狮号首发,都是一个字一个字码的.请尊重劳动成果,转载请注明出处 ...

  2. C#Combobox显示名称保存代码

    private void Form1_Load(object sender, EventArgs e) { DataTable dt = new DataTable(); dt.Columns.Add ...

  3. magento中的一些技巧

    1.加载某个attribute: $attributeCode=Mage::getModel('catalog/resource_eav_attribute')                     ...

  4. JQuery设置input属性(disabled、enabled)

    document.getElementById("removeButton").disabled = false; //普通Js写法 $("#removeButton&q ...

  5. bootstrap.css.map这个文件有何用处?该怎能使用它?

    . ├── bootstrap.css ├── bootstrap.css.map ├── bootstrap.min.css ├── bootstrap-theme.css ├── bootstra ...

  6. 20160329javaweb之JSP -cookie入门

    一.什么是会话? •会话可简单理解为:用户开一个浏览器,点击多个超链接,访问服务器多个web资源,然后关闭浏览器,整个过程称之为一个会话. 会话过程中要解决的一些问题? •每个用户在使用浏览器与服务器 ...

  7. AVAudioSession 的 AVAudioSessionCategory 和 AVAudioSessionCategoryOptions 相关

    AVAudioSessionCategory相关 AVAudioSessionCategoryAmbient 使用这个category的应用会随着静音键和屏幕关闭而静音.并且不会中止其它应用播放声音, ...

  8. asp:DateDiff 函数

    DateDiff 函数 返回 Variant (Long) 的值,表示两个指定日期间的时间间隔数目. 语法 DateDiff(interval, date1, date2[, firstdayofwe ...

  9. MySql免安装版配置方法

    第1步:下载如下图安装包 第2步:解压mysql压缩包,然后进入解压后的安装包 将my-default.ini复制一份,并改名为my.ini(我已经完成) 把下面内容复制到my.ini,并保存 [cl ...

  10. 02_Jquery_01_id选择器

    首先建立建立一个JavaWeb项目工程,导入jquery-1.5.1.js. (一)选择器--打印文本内容 [index.jsp] <%@ page language="java&qu ...