一,首先,解决unable to find valid certification path to requested target的问题。

其实就是要生成证书, 让tomcat读取证书

import java.io.BufferedReader;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileOutputStream;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.security.KeyStore;

import java.security.MessageDigest;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out

                    .println("Usage: java InstallCert <host>[:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib"

                    + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory

                .getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf

                .getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[] { tm }, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out

                .println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(

                System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject "

                    + cert.getSubjectDN());

            System.out.println("   Issuer  " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("   sha1    " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("   md5     " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out

                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out

                .println("Added certificate to keystore 'jssecacerts' using alias '"

                        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }

        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            throw new UnsupportedOperationException();

        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }

    }

}

  在把证书放到$JAVA_HOME/jre/lib/security目录下

要么就是在浏览器里面打开网站的证书, 导出来上传到服务器上, 然后导入到tomcat默认的cacerts

二,然后, 如果问题未解决出现“Certificate doesn't match any of the subject alternative names”

这时候, 需要改造代码

a. 方案1:使用HttpURLConnection 请求https地址, 例子如下:

import java.net.HttpURLConnection;

public static HttpURLConnection connectToWeb(String uri) {

    HttpURLConnection connection = null;

    try {

        URL url = new URL(uri);

        connection = (HttpURLConnection) url.openConnection();

        connection.setRequestMethod("GET");

        connection.connect();

    } catch (MalformedURLException ex) {

        ex.printStackTrace();

    } catch (IOException ex) {

        ex.printStackTrace();

    }

    return connection;

}

b.方案2:使用SSLConnectionSocketFactory,例子如下:

public static CloseableHttpClient createSSLClientDefault() {

        CloseableHttpClient client = null;

        try {

            SSLContext sslContext = null;

            sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {

                @Override

                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {

                    return true;

                }

            }).build();

            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);//这里的红色部分

            client = HttpClients.custom().setSSLSocketFactory(sslsf).build();

        } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {

            e.printStackTrace();

        }

        return client;

    }

  

Tomcat应用访问SSL或https失败的解决办法的更多相关文章

  1. 数据库无法访问,用户 NT AUTHORITY/SYSTEM或NT AUTHORITY\NETWORK SERVICE登录失败的解决办法

    问题:win7中的在IIS 7.0中,在 Default Web Site 目录下挂一虚拟目录. 在相应的应用程序池 DefaultAppPool 设置标识设置成NetworkService. 但是打 ...

  2. tomcat启动失败的解决办法

    初次安装tomcat启动失败的解决办法: 1.CATALINA_HOME    C:\Program Files\apache-tomcat-8.5.242.path  %CATALINA_HOME% ...

  3. Windows开启关闭测试模式的方法(含开启测试模式失败的解决办法)

    前言:           内含:Windows开启关闭测试模式的方法.开启测试模式失败的解决办法.win10进入bios的方式.BitLocker恢复方式.           对于互联网从业者来说 ...

  4. LoadLibrary加载动态库失败的解决办法

    from:http://blog.sina.com.cn/s/blog_62ad1b8101017qub.html 若DLL不在调用方的同一目录下,可以用LoadLibrary(L"DLL绝 ...

  5. Data Base sqlServer sa用户登陆失败的解决办法

    sqlserver sa用户登陆失败的解决办法 如下图以此模仿: 1.右键-属性 2.找到安全: 3.勾选如图: 4.sa用户密码重置: 5.服务重启:

  6. 微信公众平台Token验证失败的解决办法

    微信公众平台Token验证失败的解决办法 1.可查看url和token是否正确 2.查看服务器端口是否为80端口 3.你可以通过记录log日志来判断是否接受到微信提交过来的信息 1.$fp=fopen ...

  7. Sql Server 2008 卸载重新安装失败的解决办法!(多次偿试,方法均有效!)

    Sql Server 2008 卸载重新安装失败的解决办法!(多次偿试,方法均有效!) 1.控制面板中卸载所有带sql server的程序. 2.在C盘C:\Program Files中sqlserv ...

  8. npm install 错误 安装 chromedriver 失败的解决办法

    npm 安装 chromedriver 失败的解决办法npm 安装 chromedriver 时,偶尔会出错,错误提示类似于:npm ERR! chromedriver@2.35.0 install: ...

  9. WCF传输过大的数据导致失败的解决办法

    WCF传输过大的数据导致失败的解决办法   WCF服务默认是不配置数据传输的限制大小的,那么默认的大小好像是65535B,这才65KB左右,如果希望传输更大一些的数据呢,就需要手动指定一下缓冲区的大小 ...

随机推荐

  1. 关于Jmeter+Ant+Jenkins作为接口、性能自动化框架的误区

    说明:Apach-Jmeter有完善的桌面客户端,关联数据的处方方式,各种参数化的方式,各种Jar包的扩展,也可以用作抓包工具使用,当然最重要的是它是[开源!开源!开源!],重要的事说三遍,目前也有基 ...

  2. C#将HTML代码转换为图片

    前端通过富文本控件接收到了一段html代码,后端想通过图片的形式展示到另外的地方,这种情况怎么处理呢.直接上代码: using System; using System.Collections.Gen ...

  3. Delphi下Treeview控件基于节点编号的访问

    有时我们需要保存和重建treeview控件,本文提供一种方法,通过以树结构节点的编号访问树结构,该控件主要提供的方法如下:      function GetGlobeNumCode(inNode:T ...

  4. 【Leetcode_easy】796. Rotate String

    problem 796. Rotate String solution1: class Solution { public: bool rotateString(string A, string B) ...

  5. 【Leetcode_easy】665. Non-decreasing Array

    problem 665. Non-decreasing Array 题意:是否能够将数组转换为非减数组. solution: 难点在于理解如何对需要修改的元素进行赋值: class Solution ...

  6. linux下的进程间通信之共享内存

    概念:这种机制允许两个或多个进程通过把公共数据结构放入一个共享内存区来访问它们.如果进程要访问这种数据结构所在的共享内存区,就必须在自己的地址空间中增加一个新线性区,新线性区映射与这个共享内存区相关的 ...

  7. 最新 二六三网络通信java校招面经 (含整理过的面试题大全)

    从6月到10月,经过4个月努力和坚持,自己有幸拿到了网易雷火.京东.去哪儿. 二六三网络通信等10家互联网公司的校招Offer,因为某些自身原因最终选择了 二六三网络通信.6.7月主要是做系统复习.项 ...

  8. easyui-numberspinner实现双箭头效果

    效果图: 实现了 [点击左上角 输入框的值加 0.5] [ 左下角 值减0.5 ] [ 右上角点击 值加1] [ 右下角点击 值减1] 代码: <span style="positio ...

  9. 学习笔记:yaml语言教程

    目录 1.YAML基本概念 1.1 简介 1.2 基本语法 1.3 支持的数据结构: 1.4 注意点 2.数据结构 2.1 字典 2.2 数组 2.3 纯量 2.4 强制类型转换,双! 2.5 字符串 ...

  10. c#,简单的冒泡排序

    冒泡排序 ,,,,,,,,,}; //bool IsSort; //do //{ // IsSort = true; // for (int i = 0; i < Nums.Length - 1 ...