在执行webservice的过程中,出现如下异常:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

这是缺少安全证书时出现的异常,解决方案就是将你要访问的webservice的安全认证证书导入到客户端即可。以下是获取安全证书的一种方法

1,写一个程序专门获取安全证书,参考InstallCert.java:

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {

    String host;

    int port;

    char[] passphrase;

    if ((args.length == 1) || (args.length == 2)) {

        String[] c = args[0].split(":");

        host = c[0];

        port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

        String p = (args.length == 1) ? "changeit" : args[1];

        passphrase = p.toCharArray();

    } else {

        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

        return;

    }

    File file = new File("jssecacerts");

    if (file.isFile() == false) {

        char SEP = File.separatorChar;

        File dir = new File(System.getProperty("java.home") + SEP

            + "lib" + SEP + "security");

        file = new File(dir, "jssecacerts");

        if (file.isFile() == false) {

        file = new File(dir, "cacerts");

        }

    }

    System.out.println("Loading KeyStore " + file + "...");

    InputStream in = new FileInputStream(file);

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    ks.load(in, passphrase);

    in.close();

    SSLContext context = SSLContext.getInstance("TLS");

    TrustManagerFactory tmf =

        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

    tmf.init(ks);

    X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];

    SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

    context.init(null, new TrustManager[] {tm}, null);

    SSLSocketFactory factory = context.getSocketFactory();

    System.out.println("Opening connection to " + host + ":" + port + "...");

    SSLSocket socket = (SSLSocket)factory.createSocket(host, port);

    socket.setSoTimeout(10000);

    try {

        System.out.println("Starting SSL handshake...");

        socket.startHandshake();

        socket.close();

        System.out.println();

        System.out.println("No errors, certificate is already trusted");

    } catch (SSLException e) {

        System.out.println();

        e.printStackTrace(System.out);

    }

    X509Certificate[] chain = tm.chain;

    if (chain == null) {

        System.out.println("Could not obtain server certificate chain");

        return;

    }

    BufferedReader reader =

        new BufferedReader(new InputStreamReader(System.in));

    System.out.println();

    System.out.println("Server sent " + chain.length + " certificate(s):");

    System.out.println();

    MessageDigest sha1 = MessageDigest.getInstance("SHA1");

    MessageDigest md5 = MessageDigest.getInstance("MD5");

    for (int i = 0; i < chain.length; i++) {

        X509Certificate cert = chain[i];

        System.out.println

            (" " + (i + 1) + " Subject " + cert.getSubjectDN());

        System.out.println("   Issuer  " + cert.getIssuerDN());

        sha1.update(cert.getEncoded());

        System.out.println("   sha1    " + toHexString(sha1.digest()));

        md5.update(cert.getEncoded());

        System.out.println("   md5     " + toHexString(md5.digest()));

        System.out.println();

    }

    System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

    String line = reader.readLine().trim();

    int k;

    try {

        k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

    } catch (NumberFormatException e) {

        System.out.println("KeyStore not changed");

        return;

    }

    X509Certificate cert = chain[k];

    String alias = host + "-" + (k + 1);

    ks.setCertificateEntry(alias, cert);

    OutputStream out = new FileOutputStream("jssecacerts");

    ks.store(out, passphrase);

    out.close();

    System.out.println();

    System.out.println(cert);

    System.out.println();

    System.out.println

        ("Added certificate to keystore 'jssecacerts' using alias '"

        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

    StringBuilder sb = new StringBuilder(bytes.length * 3);

    for (int b : bytes) {

        b &= 0xff;

        sb.append(HEXDIGITS[b >> 4]);

        sb.append(HEXDIGITS[b & 15]);

        sb.append(' ');

    }

    return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

    private final X509TrustManager tm;

    private X509Certificate[] chain;

    SavingTrustManager(X509TrustManager tm) {

        this.tm = tm;

    }

    public X509Certificate[] getAcceptedIssuers() {

        throw new UnsupportedOperationException();

    }

    public void checkClientTrusted(X509Certificate[] chain, String authType)

        throws CertificateException {

        throw new UnsupportedOperationException();

    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)

        throws CertificateException {

        this.chain = chain;

        tm.checkServerTrusted(chain, authType);

    }

    }

}

2.执行 java InstallCert hostname 比如

java InstallCert ecc.fedora.redhat.com

会看到如下信息:

java InstallCert ecc.fedora.redhat.com

Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts...

Opening connection to ecc.fedora.redhat.com:443...

Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)

	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)

	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)

	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)

	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)

	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)

	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)

	at InstallCert.main(InstallCert.java:63)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)

	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)

	at sun.security.validator.Validator.validate(Validator.java:203)

	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)

	at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)

	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)

	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)

	... 7 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)

	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)

	... 13 more

Server sent 2 certificate(s):

 1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US

   Issuer  CN=Certificate Shack, O=example.com, C=US

   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7

   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54 

 2 Subject CN=Certificate Shack, O=example.com, C=US

   Issuer  CN=Certificate Shack, O=example.com, C=US

   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6

   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68 

Enter certificate to add to trusted keystore or 'q' to quit: [1]

3.输入1,然后直接回车,会在相应的目录下产生一个名为‘jssecacerts’的证书。将证书copy到$JAVA_HOME/jre/lib/security目录下,或者通过以下方式

System.setProperty("javax.net.ssl.trustStore", "D:\\UTA\\DOC_E_Health_XML\\Keystore\\jssecacerts");

注意:要重新启动你的应用服务器,因是静态加载,证书才能被运用上。

httpsClient抓取证书的更多相关文章

  1. Fiddler抓取https证书问题

    正常的使用方法  Fiddler 抓包工具总结    大部分问题的解决方案  fiddler4在win7抓取https的配置整理 像我脸一样黑的解决方案  Fiddler https 证书问题     ...

  2. fillder---安装证书(抓取https)

    1.fillder中设置如下(不用管为啥,按照这个设置就对了) 2.需要在手机上安装证书,有两种方式 方式一:fillder直接导出到手机中 方式二:手机上直接下载 打开手机自带浏览器:网址输入[XX ...

  3. Burp Suite 抓取http、https流量配置+CA证书安装

    HTTPS协议是为了数据传输安全的需要,在HTTP原有的基础上,加入了安全套接字层SSL协议,通过CA证书来验证服务器的身份,并对通信消息进行加密.基于HTTPS协议这些特性,我们在使用Burp Pr ...

  4. Mac charles 抓取https请求,安装证书后还是显示unknown

    https://blog.csdn.net/qq_23114525/article/details/81460840 1. 配置证书 2. 设置钥匙串信任 3. 设置手机代理 端口号需要对应设置的端口 ...

  5. burpsuite 抓取https 证书问题

    一定要按照步骤来,先导入burp初始证书到服务器,这时候初始证书是未验证的,然后导出为crt/cer文件(可能拼写错误,总之是正规证书后缀),再导入到机构. 要代理所有类型包括ssl的才能正常导入机构 ...

  6. fiddler中安装证书进行https协议的抓取

    Fiddler目前默认安装对http协议进行抓取但是对手机以及其他一些是https协议的通讯抓取需要配置. 电脑Fiddler设置: 1.首页我们要在fiddler中找到菜单栏的Tools > ...

  7. Fiddler抓取https请求,解决“证书错误”警告

    要抓取走HTTPS内容,Fiddler必须解密HTTPS流量. 但是,浏览器将会检查数字证书,并发现会话遭到窃听.为了骗过浏览 器,Fiddler通过使用另一个数字证书重新加密HTTPS流量. Fid ...

  8. Fiddler无法抓取HTTPS的问题,Fiddler证书无法安装终极解决方案,

    win7下Fiddler证书安装之后,总是无法抓取https的包:网上搜了很多方法都没解决问题,最终摸索解决方法如下: 第一步: 安装证书:到Fiddler的Tools-options-https下, ...

  9. brup安装证书抓取https

    brup安装证书抓取https 0x00下载 下载安装brup 前提是需要java环境 0X01配置brup 配置brup的代理设置 0X02设置浏览器 我使用的是火狐,以下都以火狐为例 0X03证书 ...

随机推荐

  1. 《锋利的jQuery》心得笔记--Two Sections

    第三章 1.    DOM操作(节点) 1)         查找节点可以查找元素节点和属性节点 2)         创建节点: (1)       创建元素节点 var addLi = $(“&l ...

  2. git 终端常输入命令

    cd 输入命令 ls 返回目录 git add . 相当于保存代码 git commit -m "" 相当于提交 get pull把服务器上代码拉回本地代码. get pust 刷 ...

  3. 关于getpw系列函数返回的静态区域

    首先说一下什么是getpw系列函数,它主要是指这些函数: 这些函数根据一个用户名(getpwnam和getpwnam_r两个函数)或者一个用户ID(getpwuid和getpwuid_r)来获取这个用 ...

  4. 主引导记录MBR

    作者:马 岩(Furzoom) (http://www.cnblogs.com/furzoom/)版权声明:本文的版权归作者与博客园共同所有.转载时请在明显地方注明本文的详细链接,未经作者同意请不要删 ...

  5. log tag

        Media Player MediaPlayerService     NuPlayerDecoder     NuPlayer      MediaFocusControl       Ac ...

  6. 启语外语培训网SEO历程

    网站开发完成已经好长时间了,但收录一直上不去,排名也上不去.我这篇文章主要是分析一下网站的SEO历程 网址:http://waiyupx.cheer-edu.net/School/School-5.h ...

  7. js----深入理解闭包

    闭包算是js里面比较不容易理解的点,尤其是对于没有编程基础的人来说. 其实闭包要注意的就那么几条,如果你都明白了那么征服它并不是什么难事儿.下面就让我们来谈一谈闭包的一些基本原理. 闭包的概念 一个闭 ...

  8. Laravel 5 基础(四)- Blade 简介

    在多个页面中我们可能包含相同的内容,像是文件头,链接的css或者js等.我们可以利用布局文件完成这个功能. 让我们新建一个布局文件,例如 views/layout.blade.php <!doc ...

  9. 笔记 php.ini配置文件中magic_quotes_gpc, magic_quotes_runtime的作用是什么?应该开启还是关闭?

    默认情况下,PHP 指令 magic_quotes_gpc 为 on,对所有的 GET.POST 和 COOKIE 数据自动运行 addslashes().不要对已经被 magic_quotes_gp ...

  10. How to modify Code Comments[AX2012]

    // This is a framework class. Customizing this class may cause problems with future upgrades to the ...