在执行webservice的过程中,出现如下异常:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

这是缺少安全证书时出现的异常,解决方案就是将你要访问的webservice的安全认证证书导入到客户端即可。以下是获取安全证书的一种方法

1,写一个程序专门获取安全证书,参考InstallCert.java:

/*

 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *   - Redistributions of source code must retain the above copyright

 *     notice, this list of conditions and the following disclaimer.

 *

 *   - Redistributions in binary form must reproduce the above copyright

 *     notice, this list of conditions and the following disclaimer in the

 *     documentation and/or other materials provided with the distribution.

 *

 *   - Neither the name of Sun Microsystems nor the names of its

 *     contributors may be used to endorse or promote products derived

 *     from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

import java.io.*;

import java.net.URL;

import java.security.*;

import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {

    String host;

    int port;

    char[] passphrase;

    if ((args.length == 1) || (args.length == 2)) {

        String[] c = args[0].split(":");

        host = c[0];

        port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

        String p = (args.length == 1) ? "changeit" : args[1];

        passphrase = p.toCharArray();

    } else {

        System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");

        return;

    }

    File file = new File("jssecacerts");

    if (file.isFile() == false) {

        char SEP = File.separatorChar;

        File dir = new File(System.getProperty("java.home") + SEP

            + "lib" + SEP + "security");

        file = new File(dir, "jssecacerts");

        if (file.isFile() == false) {

        file = new File(dir, "cacerts");

        }

    }

    System.out.println("Loading KeyStore " + file + "...");

    InputStream in = new FileInputStream(file);

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    ks.load(in, passphrase);

    in.close();

    SSLContext context = SSLContext.getInstance("TLS");

    TrustManagerFactory tmf =

        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

    tmf.init(ks);

    X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];

    SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

    context.init(null, new TrustManager[] {tm}, null);

    SSLSocketFactory factory = context.getSocketFactory();

    System.out.println("Opening connection to " + host + ":" + port + "...");

    SSLSocket socket = (SSLSocket)factory.createSocket(host, port);

    socket.setSoTimeout(10000);

    try {

        System.out.println("Starting SSL handshake...");

        socket.startHandshake();

        socket.close();

        System.out.println();

        System.out.println("No errors, certificate is already trusted");

    } catch (SSLException e) {

        System.out.println();

        e.printStackTrace(System.out);

    }

    X509Certificate[] chain = tm.chain;

    if (chain == null) {

        System.out.println("Could not obtain server certificate chain");

        return;

    }

    BufferedReader reader =

        new BufferedReader(new InputStreamReader(System.in));

    System.out.println();

    System.out.println("Server sent " + chain.length + " certificate(s):");

    System.out.println();

    MessageDigest sha1 = MessageDigest.getInstance("SHA1");

    MessageDigest md5 = MessageDigest.getInstance("MD5");

    for (int i = 0; i < chain.length; i++) {

        X509Certificate cert = chain[i];

        System.out.println

            (" " + (i + 1) + " Subject " + cert.getSubjectDN());

        System.out.println("   Issuer  " + cert.getIssuerDN());

        sha1.update(cert.getEncoded());

        System.out.println("   sha1    " + toHexString(sha1.digest()));

        md5.update(cert.getEncoded());

        System.out.println("   md5     " + toHexString(md5.digest()));

        System.out.println();

    }

    System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

    String line = reader.readLine().trim();

    int k;

    try {

        k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

    } catch (NumberFormatException e) {

        System.out.println("KeyStore not changed");

        return;

    }

    X509Certificate cert = chain[k];

    String alias = host + "-" + (k + 1);

    ks.setCertificateEntry(alias, cert);

    OutputStream out = new FileOutputStream("jssecacerts");

    ks.store(out, passphrase);

    out.close();

    System.out.println();

    System.out.println(cert);

    System.out.println();

    System.out.println

        ("Added certificate to keystore 'jssecacerts' using alias '"

        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

    StringBuilder sb = new StringBuilder(bytes.length * 3);

    for (int b : bytes) {

        b &= 0xff;

        sb.append(HEXDIGITS[b >> 4]);

        sb.append(HEXDIGITS[b & 15]);

        sb.append(' ');

    }

    return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

    private final X509TrustManager tm;

    private X509Certificate[] chain;

    SavingTrustManager(X509TrustManager tm) {

        this.tm = tm;

    }

    public X509Certificate[] getAcceptedIssuers() {

        throw new UnsupportedOperationException();

    }

    public void checkClientTrusted(X509Certificate[] chain, String authType)

        throws CertificateException {

        throw new UnsupportedOperationException();

    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)

        throws CertificateException {

        this.chain = chain;

        tm.checkServerTrusted(chain, authType);

    }

    }

}

2.执行 java InstallCert hostname 比如

java InstallCert ecc.fedora.redhat.com

会看到如下信息:

java InstallCert ecc.fedora.redhat.com

Loading KeyStore /usr/jdk/instances/jdk1.5.0/jre/lib/security/cacerts...

Opening connection to ecc.fedora.redhat.com:443...

Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)

	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)

	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)

	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)

	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)

	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)

	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)

	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)

	at InstallCert.main(InstallCert.java:63)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)

	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)

	at sun.security.validator.Validator.validate(Validator.java:203)

	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)

	at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)

	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)

	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)

	... 7 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)

	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)

	... 13 more

Server sent 2 certificate(s):

 1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US

   Issuer  CN=Certificate Shack, O=example.com, C=US

   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7

   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54 

 2 Subject CN=Certificate Shack, O=example.com, C=US

   Issuer  CN=Certificate Shack, O=example.com, C=US

   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6

   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68 

Enter certificate to add to trusted keystore or 'q' to quit: [1]

3.输入1,然后直接回车,会在相应的目录下产生一个名为‘jssecacerts’的证书。将证书copy到$JAVA_HOME/jre/lib/security目录下,或者通过以下方式

System.setProperty("javax.net.ssl.trustStore", "D:\\UTA\\DOC_E_Health_XML\\Keystore\\jssecacerts");

注意:要重新启动你的应用服务器,因是静态加载,证书才能被运用上。

httpsClient抓取证书的更多相关文章

  1. Fiddler抓取https证书问题

    正常的使用方法  Fiddler 抓包工具总结    大部分问题的解决方案  fiddler4在win7抓取https的配置整理 像我脸一样黑的解决方案  Fiddler https 证书问题     ...

  2. fillder---安装证书(抓取https)

    1.fillder中设置如下(不用管为啥,按照这个设置就对了) 2.需要在手机上安装证书,有两种方式 方式一:fillder直接导出到手机中 方式二:手机上直接下载 打开手机自带浏览器:网址输入[XX ...

  3. Burp Suite 抓取http、https流量配置+CA证书安装

    HTTPS协议是为了数据传输安全的需要,在HTTP原有的基础上,加入了安全套接字层SSL协议,通过CA证书来验证服务器的身份,并对通信消息进行加密.基于HTTPS协议这些特性,我们在使用Burp Pr ...

  4. Mac charles 抓取https请求,安装证书后还是显示unknown

    https://blog.csdn.net/qq_23114525/article/details/81460840 1. 配置证书 2. 设置钥匙串信任 3. 设置手机代理 端口号需要对应设置的端口 ...

  5. burpsuite 抓取https 证书问题

    一定要按照步骤来,先导入burp初始证书到服务器,这时候初始证书是未验证的,然后导出为crt/cer文件(可能拼写错误,总之是正规证书后缀),再导入到机构. 要代理所有类型包括ssl的才能正常导入机构 ...

  6. fiddler中安装证书进行https协议的抓取

    Fiddler目前默认安装对http协议进行抓取但是对手机以及其他一些是https协议的通讯抓取需要配置. 电脑Fiddler设置: 1.首页我们要在fiddler中找到菜单栏的Tools > ...

  7. Fiddler抓取https请求,解决“证书错误”警告

    要抓取走HTTPS内容,Fiddler必须解密HTTPS流量. 但是,浏览器将会检查数字证书,并发现会话遭到窃听.为了骗过浏览 器,Fiddler通过使用另一个数字证书重新加密HTTPS流量. Fid ...

  8. Fiddler无法抓取HTTPS的问题,Fiddler证书无法安装终极解决方案,

    win7下Fiddler证书安装之后,总是无法抓取https的包:网上搜了很多方法都没解决问题,最终摸索解决方法如下: 第一步: 安装证书:到Fiddler的Tools-options-https下, ...

  9. brup安装证书抓取https

    brup安装证书抓取https 0x00下载 下载安装brup 前提是需要java环境 0X01配置brup 配置brup的代理设置 0X02设置浏览器 我使用的是火狐,以下都以火狐为例 0X03证书 ...

随机推荐

  1. <img>元素底部为何有空白?

    原因: 图片文字等inline元素默认是和父级元素的baseline对齐的,即:vertical-align 的默认值是 baseline:而baseline又和父级底边bottom有一定距离: im ...

  2. 10+ powerful debugging tricks with Visual Studio

    10+ powerful debugging tricks with Visual Studio Original link : http://www.codeproject.com/Articles ...

  3. 观察者模式(Observer)

    观察者模式是经常使用到的一种设计模式,在我们的生活中也经常遇到,小到学校上学让同学帮忙看着老师有没有过来,在教室里做一些与学习无关的事情,大到股市里面我们遇到的,到股票涨到或者跌到一定程度的时候通知我 ...

  4. git 终端常输入命令

    cd 输入命令 ls 返回目录 git add . 相当于保存代码 git commit -m "" 相当于提交 get pull把服务器上代码拉回本地代码. get pust 刷 ...

  5. 【风马一族_Python】 更替pip的版本

    替换电脑上python中的pip的版本 例子: 下载的文件:pip-8.1.1-py2.py3-none-any.whl 下载地址:https://pypi.python.org/pypi/pip/# ...

  6. mongodb的常用操作(二)

    继续mongodb的学习: 9.mongodb条件查询 假设有user集合,里面结构如下:{ "_id" : ObjectId("52ab35d281181f853264 ...

  7. laravel框架少见方法详解

    1.whereDate() 方法 $q->where('created_at', '>=', date('Y-m-d').' 00:00:00')); 以前查数据时,直接用where条件来 ...

  8. CSS3 animation小动画

    <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http ...

  9. 动画气泡指示当前滑动值--第三方开源--DiscreteSeekbar

    DiscreteSeekbar在github上的项目主页是:https://github.com/AnderWeb/discreteSeekBar DiscreteSeekbar可以自定制的属性很多, ...

  10. Ubuntu12.10编译openwrt遇到的错误

    由于Openwrt有很多工具是要先编译的,在Ubuntu12.10平台下编译openwrt时就遇到了下面这样的错误:elf.cpp: In static member function 'static ...