在一次调试中,出现了这个错误:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

详细报错信息如下:

严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

十二月 ,  :: 下午 org.apache.catalina.core.StandardWrapperValve invoke

严重: Servlet.service() for servlet [jsp] in context with path [] threw exception

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:)

    at java.lang.Thread.run(Thread.java:)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:)

    ...  more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:)

    at sun.security.validator.Validator.validate(Validator.java:)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:)

    ...  more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:)

    ...  more

这个错误最终定位在这个方法:

protected final String retrieveResponseFromServer(final URL validationUrl,

            final String ticket) {

        HttpURLConnection connection = null;

        try {

            connection = (HttpURLConnection) validationUrl.openConnection();

            final BufferedReader in = new BufferedReader(new InputStreamReader(

                    connection.getInputStream()));

            String line;

            final StringBuffer stringBuffer = new StringBuffer(255);

            synchronized (stringBuffer) {

                while ((line = in.readLine()) != null) {

                    stringBuffer.append(line);

                    stringBuffer.append("\n");

                }

                return stringBuffer.toString();

            }

        } catch (final IOException e) {

            log.error(e, e);

            return null;

        } catch (final Exception e1){

            log.error(e1, e1);

            return null;

        }finally {

            if (connection != null) {

                connection.disconnect();

            }

        }

    }

后来上网查了很久,说是证书出问题了,服务器不信任我们自己创建的证书,所以在代码中必须要忽略证书信任问题。只要在创建connection之前调用两个方法:

trustAllHttpsCertificates();

HttpsURLConnection.setDefaultHostnameVerifier(hv);

具体的实现是:

HostnameVerifier hv = new HostnameVerifier() {

        public boolean verify(String urlHostName, SSLSession session) {

            System.out.println("Warning: URL Host: " + urlHostName + " vs. "

                               + session.getPeerHost());

            return true;

        }

    };

    private static void trustAllHttpsCertificates() throws Exception {

        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];

        javax.net.ssl.TrustManager tm = new miTM();

        trustAllCerts[0] = tm;

        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext

                .getInstance("SSL");

        sc.init(null, trustAllCerts, null);

        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc

                .getSocketFactory());

    }

    static class miTM implements javax.net.ssl.TrustManager,

            javax.net.ssl.X509TrustManager {

        public java.security.cert.X509Certificate[] getAcceptedIssuers() {

            return null;

        }

        public boolean isServerTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public boolean isClientTrusted(

                java.security.cert.X509Certificate[] certs) {

            return true;

        }

        public void checkServerTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

        public void checkClientTrusted(

                java.security.cert.X509Certificate[] certs, String authType)

                throws java.security.cert.CertificateException {

            return;

        }

    }

附件:AbstractCasProtocolUrlBasedTicketValidator

解决CAS单点登录出现PKIX path building failed的问题的更多相关文章

  1. 解决 sun.security.validator.ValidatorException: PKIX path building failed

    今天用java HttpClients写爬虫在访问某Https站点报如下错误: sun.security.validator.ValidatorException: PKIX path buildin ...

  2. CAS 5.x搭建常见问题系列(2).PKIX path building failed

    错误原因 服务端的证书是不安全的,Cas的客户端在调用时因为安全提醒造成调用失败. CAS的客户端需要导入服务端的证书后,就正常了. 具体操作步骤如下: 1. 首先启动tomcat,看下之前搭建的ca ...

  3. 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...

  4. 解决java使用https协议请求出现证书不信任问题(PKIX path building failed)

    解决https请求时出现pkix path building fail错误 方法 将submail.cer 安全证书导入到java中的cacerts证书库 (sumail是我从https://api. ...

  5. 解决PKIX(PKIX path building failed) 问题 unable to find valid certification path to requested target

    最近在写java的一个服务,需要给远程服务器发送post请求,认证方式为Basic Authentication,在请求过程中出现了 PKIX path building failed: sun.se ...

  6. 抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法

    抓取https网页时,报错sun.security.validator.ValidatorException: PKIX path building failed 解决办法 原因是https证书问题, ...

  7. 解决PKIX path building failed

    起因 上周在生产环境部署时,把安全证书加到k8s-ingress中时发现报该错误 解决 找网上解决方案,因为这种问题相对比较少见,也没百度,直接谷歌,找到解决方案如下:https://stackove ...

  8. 解决PKIX path building failed的问题

    Java在请求某些不受信任的https网站时会报:PKIX path building failed 解决方法一:使用keytool手动导入证书,为JRE环境导入信任证书 参考:http://www. ...

  9. 从头解决PKIX path building failed

    从头解决PKIX path building failed的问题 本篇涉及到PKIX path building failed的原因和解决办法(包括暂时解决和长效解决的方法),也包括HTTP和HTTP ...

随机推荐

  1. (转)ASP.net的url重写

    1. 有关于URL的重写,本文也只是拿来主意.相继有MS的组件“URLRewriter”和在Global.asax里的“Application_BeginRequest()”编码方式,以及IIS里的I ...

  2. C#微信公众号开发 -- (六)自定义菜单事件之CLICK

    微信公众号中当用户手动点击了按钮,微信公众号会被动的向用户发送文字消息或者图文消息. 通过C#微信公众号开发 -- (五)自定义菜单创建 我们知道了如何将CLICK类型的按钮添加到自己的微信公众平台上 ...

  3. UML类图细节

    类图表述的是类和类之间的关系,是前期用来推演代码设计,后期用来优化代码的结构,寻找设计不合理之处.网上解释类图和类图的画法,往往表述的十分晦涩,或者例子呆板,很难具体的操作. 类图一般在详细设计过程中 ...

  4. c语言学习之基础知识点介绍(十九):内存操作函数

    一.malloc函数 /* 首先需要导入头文件 #include <stdlib.h> malloc void* malloc(n); n是字节大小 开辟堆空间,开辟的字节数以n为准 返回 ...

  5. 经历:easyui的datagrid没有数据滚动条的显示

    今天,一个用户提出一个这样的问题,"查询不到结果时,为什么我看不到后面的标题呢?" 最初,我听到这个问题时,第一反应是:查出来数据不就有滚动条了吗,干嘛非要较真呢? 不过,后来想想 ...

  6. UVA 11549 CALCULATOR CONUNDRUM(Floyd判圈算法)

    CALCULATOR CONUNDRUM   Alice got a hold of an old calculator that can display n digits. She was bore ...

  7. Codevs 5059 一起去打CS

    5059 一起去打CS 时间限制: 1 s 空间限制: 32000 KB 题目等级 : 钻石 Diamond 题目描述 Description 早就和lyk约好了去打cs,一直没找着时间,终于今天我家 ...

  8. 九度OJ 1042 Coincidence -- 动态规划(最长公共子序列)

    题目地址:http://ac.jobdu.com/problem.php?pid=1042 题目描述: Find a longest common subsequence of two strings ...

  9. redis php 实例

    redis php 实例一 redis的操作很多的,以前看到一个比较全的博客,但是现在找不到了.查个东西搜半天,下面整理一下php处理redis的例子,个人觉得常用一些例子.下面的例子都是基于php- ...

  10. Extjs发票管理系统

    技术特点:Extjs框架,三层架构,Ajax,json 1.仿office2007菜单.介面美观大方,可动态更改皮肤保存至cookie. 2,json数据源与实体类的相互转换. 3.可下载桌面版登录方 ...