最近有公司pop3协议接收pp邮箱出现异常,连不上服务器,错误内容:

e: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

经过检查确认,完整的异常信息应该如下:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

问题的根本是:

缺少安全证书时出现的异常。

解决问题方法:

本人使用代码方式获取相应的证书

以下是获取安全证书的一种方法,通过以下程序获取安全证书:

  1. /*
  2. * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. *   - Redistributions of source code must retain the above copyright
  9. *     notice, this list of conditions and the following disclaimer.
  10. *
  11. *   - Redistributions in binary form must reproduce the above copyright
  12. *     notice, this list of conditions and the following disclaimer in the
  13. *     documentation and/or other materials provided with the distribution.
  14. *
  15. *   - Neither the name of Sun Microsystems nor the names of its
  16. *     contributors may be used to endorse or promote products derived
  17. *     from this software without specific prior written permission.
  18. *
  19. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  20. * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  21. * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  22. * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  23. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  24. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  25. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  26. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  27. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  28. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  29. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30. */
  31. import java.io.BufferedReader;
  32. import java.io.File;
  33. import java.io.FileInputStream;
  34. import java.io.FileOutputStream;
  35. import java.io.InputStream;
  36. import java.io.InputStreamReader;
  37. import java.io.OutputStream;
  38. import java.security.KeyStore;
  39. import java.security.MessageDigest;
  40. import java.security.cert.CertificateException;
  41. import java.security.cert.X509Certificate;
  42. import javax.net.ssl.SSLContext;
  43. import javax.net.ssl.SSLException;
  44. import javax.net.ssl.SSLSocket;
  45. import javax.net.ssl.SSLSocketFactory;
  46. import javax.net.ssl.TrustManager;
  47. import javax.net.ssl.TrustManagerFactory;
  48. import javax.net.ssl.X509TrustManager;
  49. public class InstallCert {
  50. public static void main(String[] args) throws Exception {
  51. String host;
  52. int port;
  53. char[] passphrase;
  54. if ((args.length == 1) || (args.length == 2)) {
  55. String[] c = args[0].split(":");
  56. host = c[0];
  57. port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
  58. String p = (args.length == 1) ? "changeit" : args[1];
  59. passphrase = p.toCharArray();
  60. } else {
  61. System.out
  62. .println("Usage: java InstallCert <host>[:port] [passphrase]");
  63. return;
  64. }
  65. File file = new File("jssecacerts");
  66. if (file.isFile() == false) {
  67. char SEP = File.separatorChar;
  68. File dir = new File(System.getProperty("java.home") + SEP + "lib"
  69. + SEP + "security");
  70. file = new File(dir, "jssecacerts");
  71. if (file.isFile() == false) {
  72. file = new File(dir, "cacerts");
  73. }
  74. }
  75. System.out.println("Loading KeyStore " + file + "...");
  76. InputStream in = new FileInputStream(file);
  77. KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  78. ks.load(in, passphrase);
  79. in.close();
  80. SSLContext context = SSLContext.getInstance("TLS");
  81. TrustManagerFactory tmf = TrustManagerFactory
  82. .getInstance(TrustManagerFactory.getDefaultAlgorithm());
  83. tmf.init(ks);
  84. X509TrustManager defaultTrustManager = (X509TrustManager) tmf
  85. .getTrustManagers()[0];
  86. SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
  87. context.init(null, new TrustManager[] { tm }, null);
  88. SSLSocketFactory factory = context.getSocketFactory();
  89. System.out
  90. .println("Opening connection to " + host + ":" + port + "...");
  91. SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
  92. socket.setSoTimeout(10000);
  93. try {
  94. System.out.println("Starting SSL handshake...");
  95. socket.startHandshake();
  96. socket.close();
  97. System.out.println();
  98. System.out.println("No errors, certificate is already trusted");
  99. } catch (SSLException e) {
  100. System.out.println();
  101. e.printStackTrace(System.out);
  102. }
  103. X509Certificate[] chain = tm.chain;
  104. if (chain == null) {
  105. System.out.println("Could not obtain server certificate chain");
  106. return;
  107. }
  108. BufferedReader reader = new BufferedReader(new InputStreamReader(
  109. System.in));
  110. System.out.println();
  111. System.out.println("Server sent " + chain.length + " certificate(s):");
  112. System.out.println();
  113. MessageDigest sha1 = MessageDigest.getInstance("SHA1");
  114. MessageDigest md5 = MessageDigest.getInstance("MD5");
  115. for (int i = 0; i < chain.length; i++) {
  116. X509Certificate cert = chain[i];
  117. System.out.println(" " + (i + 1) + " Subject "
  118. + cert.getSubjectDN());
  119. System.out.println("   Issuer  " + cert.getIssuerDN());
  120. sha1.update(cert.getEncoded());
  121. System.out.println("   sha1    " + toHexString(sha1.digest()));
  122. md5.update(cert.getEncoded());
  123. System.out.println("   md5     " + toHexString(md5.digest()));
  124. System.out.println();
  125. }
  126. System.out
  127. .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
  128. String line = reader.readLine().trim();
  129. int k;
  130. try {
  131. k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
  132. } catch (NumberFormatException e) {
  133. System.out.println("KeyStore not changed");
  134. return;
  135. }
  136. X509Certificate cert = chain[k];
  137. String alias = host + "-" + (k + 1);
  138. ks.setCertificateEntry(alias, cert);
  139. OutputStream out = new FileOutputStream("jssecacerts");
  140. ks.store(out, passphrase);
  141. out.close();
  142. System.out.println();
  143. System.out.println(cert);
  144. System.out.println();
  145. System.out
  146. .println("Added certificate to keystore 'jssecacerts' using alias '"
  147. + alias + "'");
  148. }
  149. private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
  150. private static String toHexString(byte[] bytes) {
  151. StringBuilder sb = new StringBuilder(bytes.length * 3);
  152. for (int b : bytes) {
  153. b &= 0xff;
  154. sb.append(HEXDIGITS[b >> 4]);
  155. sb.append(HEXDIGITS[b & 15]);
  156. sb.append(' ');
  157. }
  158. return sb.toString();
  159. }
  160. private static class SavingTrustManager implements X509TrustManager {
  161. private final X509TrustManager tm;
  162. private X509Certificate[] chain;
  163. SavingTrustManager(X509TrustManager tm) {
  164. this.tm = tm;
  165. }
  166. public X509Certificate[] getAcceptedIssuers() {
  167. throw new UnsupportedOperationException();
  168. }
  169. public void checkClientTrusted(X509Certificate[] chain, String authType)
  170. throws CertificateException {
  171. throw new UnsupportedOperationException();
  172. }
  173. public void checkServerTrusted(X509Certificate[] chain, String authType)
  174. throws CertificateException {
  175. this.chain = chain;
  176. tm.checkServerTrusted(chain, authType);
  177. }
  178. }
  179. }

编译InstallCert.java,然后执行:java InstallCert hostname,比如:
java InstallCert www.twitter.com
会看到如下信息:

  1. java InstallCert www.twitter.com
  2. Loading KeyStore /usr/java/jdk1.6.0_16/jre/lib/security/cacerts...
  3. Opening connection to www.twitter.com:443...
  4. Starting SSL handshake...
  5. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  6. at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
  7. at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
  8. at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
  9. at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
  10. at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
  11. at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
  12. at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
  13. at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
  14. at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
  15. at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
  16. at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
  17. at InstallCert.main(InstallCert.java:63)
  18. Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  19. at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
  20. at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
  21. at sun.security.validator.Validator.validate(Validator.java:203)
  22. at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
  23. at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
  24. at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
  25. at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
  26. ... 7 more
  27. Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  28. at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
  29. at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
  30. at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
  31. ... 13 more
  32. Server sent 2 certificate(s):
  33. 1 Subject CN=www.twitter.com, O=example.com, C=US
  34. Issuer  CN=Certificate Shack, O=example.com, C=US
  35. sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7
  36. md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54
  37. 2 Subject CN=Certificate Shack, O=example.com, C=US
  38. Issuer  CN=Certificate Shack, O=example.com, C=US
  39. sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6
  40. md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68
  41. Enter certificate to add to trusted keystore or 'q' to quit: [1]

运行时可这样设置参数:如MyEclipse在这个类上右键,然后选择Arguments选项,在Program arguments里面输入:pop.qq.com:995(“:”前面是域名,后面是端口号)
输入1,回车,然后会在当前的目录下产生一个名为“jssecacerts的证书。

将证书拷贝到$JAVA_HOME/jre/lib/security目录下,或者通过以下方式:
System.setProperty("javax.net.ssl.trustStore", "你的jssecacerts证书路径");

备注:1.本来想把生成的证书名称“jssecacerts”改为别的,但只要改成别的生成的东西就不好使。

         2.System.setProperty("javax.net.ssl.trustStore", "你的jssecacerts证书路径")这种方式导入证书查资料发现假如需要导入多个证书时会有冲突

         3.

Pop3_解决PKIX:unable to find valid certification path to requested target 的问题的更多相关文章

  1. PKIX: unable to find valid certification path to requested target

    // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = n ...

  2. 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...

  3. 解决PKIX(PKIX path building failed) 问题 unable to find valid certification path to requested target

    最近在写java的一个服务,需要给远程服务器发送post请求,认证方式为Basic Authentication,在请求过程中出现了 PKIX path building failed: sun.se ...

  4. 解决PKIX:unable to find valid certification path to requested target 的问题

    这两天在twitter服务器上忽然遇到这样的异常: e: sun.security.validator.ValidatorException: PKIX path building failed: s ...

  5. https编程遇到PKIX:unable to find valid certification path to requested target 的问题

    https编程遇到PKIX:unable to find valid certification path to requested target 的问题 2016-12-01 解决方案见:解决PKI ...

  6. 解决flutter:unable to find valid certification path to requested target 的问题

    1.问题 周末在家想搞搞flutter,家里电脑是windows的,按照官网教程一步步安装好以后,创建flutter工程,点击运行,一片红色弹出来,WTF? PKIX path building fa ...

  7. Maven:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    还是记录使用 maven 时遇到的问题. 一.maven报错 maven package 进行打包时出现了以下报错: Non-resolvable parent POM for com.wpbxin: ...

  8. Flutter配置环境报错“PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

    背景:最近看了很多Flutter漂亮的项目,想要尝试一下.所有环境都搭建好之后,按照文档一步一步配置(抄袭),但始终报如下图错误. PKIX path building failed: sun.sec ...

  9. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    注:网上搜来的快照,暂未验证 在java代码中请求https链接的时候,可能会报下面这个错误javax.net.ssl.SSLHandshakeException: sun.security.vali ...

随机推荐

  1. 开个坑, 写个阿里云开放储存服务(OSS)的C++版SDK以及客户端

    这应该是继我研究手册QQ协议后的第2个稍微正式一点的网络程序, 不只是Scoket套接字编程, 还涉及到更多的HTTP协议知识! 阿里云开放储存服务OSS官方已经提供了不少SDK, 包括PHP/Pyt ...

  2. log4j设置日志格式为UTF-8

    想要log4j输出的日志文件的编码格式为UTF-8.正常情况下只需要添加下述的代码即可: log4j.appender.appender_name.Encoding=UTF-8 但是在spring与l ...

  3. less2

    less2 @base-color: #000; @fore-color: darken(@base-color, 50%); @back-color: lighten(@base-color, 50 ...

  4. 初探数位DP-hdu2089

    一开始刷dp就遇到了数位dp,以前程序设计艺术上看过一点,基本没懂,于是趁今天遇到题目,想把它搞会,但就目前状态来看仍然是似懂非懂啊,以后还要反复搞 统计区间[l,r]的满足题意的数的个数,可以转换成 ...

  5. ok6410,mmu,内存管理

    MMU 一.MMU学习 MMU其实就是一个页表.将虚拟地址通过查表的方式,对应到物理地址去他由一个或一组芯片组成,一般存在与协处理器中. 1.将虚拟地址转化为物理地址 2.访问权限管理 1.1得出mm ...

  6. python-logging-日志系统

    有时候需要记录日志,典型的出现在web程序或者服务器中,需要与正在运行的程序交互或者得知里面正在运行的信息 最近在倒腾webservice,使用spyne模块进行打包服务,很多实例代码也都用到了这个l ...

  7. merge布局

    当LayoutInflater遇到这个标签时,它会跳过它,并将<merge />内的元素添加到<merge />的父元素里.迷惑了吗?让我们用<merge />来替 ...

  8. Linux编程(3) MakeFile

    1. 在Linux中,make工具可以维护程序模块关系和生成可执行程序.它可根据程序模块的修改情况重新编译链接生成中间代码或最终的可执行程序.执行make命令,需要一个名为Makefile的文本文件, ...

  9. ITOO 第一个任务,新建界面

    最近我们已经接手了我们传承的的ITOO项目,虽然现在还是学习阶段,但是总是还有一些可以完成的东西的.通过需求学习阶段,对照给的原型,逐渐的我们发现了各种各样的问题,有的是根据个人性格有关,有的是对需求 ...

  10. Js图片切换

    <!DOCTYPE html><html<head> <meta charset="UTF-8"> <title></t ...