无法找到到所请求目标的有效认证路径

huangapple go评论141阅读模式
英文:

unable to find a valid certification path to requested target

问题

我正在使用restTemplate进行POST请求,但出现了以下错误:无法找到到请求目标的有效认证路径

org.springframework.beans.factory.BeanCreationException: 创建bean时出错名称为'transformToListClass'的bean: 调用初始化方法失败嵌套异常是java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: POST请求' "https://emploenefitsdev/rion/v1/rion/" '时发生I/O错误sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径嵌套异常是javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径

由于: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: POST请求' "https://emploenefitsdev/rion/v1/rion/" '时发生I/O错误sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径嵌套异常是javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径

由于: org.springframework.web.client.ResourceAccessException: POST请求' "https://emploenefitsdev/rion/v1/rion/" '时发生I/O错误sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径嵌套异常是javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径

由于: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径

由于: sun.security.validator.ValidatorException: PKIX路径构建失败sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径

由于: sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径

以下是我的方法:

    public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
        try {
            ImageDescriptor descriptor = new ImageDescriptor();

            String myEUrl = "https://emploenefitsdev/rion/v1/rion/";
            String eURL = myUrl.concat(Constant.F_SLASH).concat(templateName);

            log.info("payload" + payLoad);

            ResponseEntity<Resource> responseEntity = restTemplate.exchange(
                    eURL,
                    HttpMethod.POST,
                    niService.getStringHttpEntityWithPayload(payLoad),
                    Resource.class);
            log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
            descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());

            convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");

            log.info("file is:" + convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));

            return descriptor;
        } catch (IOException e) {
            e.printStackTrace();
            log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
            throw new RuntimeException(e);
        }
    }
英文:

I am making a post request using a restTemplate and I am getting the following error: unable to find a valid certification path to requested target

org.springframework.beans.factory.BeanCreationException: Error creating bean with name &#39;transformToListClass&#39;: Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for &quot;https://emploenefitsdev/rion/v1/rion/&quot;: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for &quot;https://emploenefitsdev/rion/v1/rion/&quot;: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for &quot;https://emploenefitsdev/rion/v1/rion/&quot;: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

And my method below:

    public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
        try {
            ImageDescriptor descriptor = new ImageDescriptor();

            String myEUrl = &quot;https://emploenefitsdev/rion/v1/rion/&quot;;
            String eURL = myUrl.concat(Constant.F_SLASH).concat(templateName);

            log.info(&quot;payload&quot; + payLoad);

            ResponseEntity&lt;Resource&gt; responseEntity = restTemplate.exchange(
                    eURL,
                    HttpMethod.POST,
                    niService.getStringHttpEntityWithPayload(payLoad),
                    Resource.class);
            log.info(String.format(&quot;%s generateImage Result: [%s] &quot;, slogPrefix, responseEntity.getStatusCode()));
            descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());

            convert(responseEntity.getBody().getInputStream(), &quot;sherrr.pdf&quot;);

            log.info(&quot;file is:&quot;+ convert(responseEntity.getBody().getInputStream(), &quot;sherrr.pdf&quot;));


            return descriptor;
        } catch (IOException e) {
            e.printStackTrace();
            log.error(&quot;Error: &quot; + slogPrefix + &quot; generate image failed &quot; + e.getMessage());
            throw new RuntimeException(e);
        }
    }

答案1

得分: 30

请求在客户端到服务器的连接中失败。失败的原因是客户端无法验证服务器的身份/证书。在客户端-服务器握手过程中,客户端需要发行者/根证书来验证服务器的身份。大多数由知名可信任机构发布的根证书都随着JDK一起提供,并且存在于名为cacerts的密钥库文件中。

让我们谈谈你的情况。它可能属于以下几种情况之一。

  • 服务器正在使用由根证书颁发机构签发的证书,但其根和中间证书在JDK中不存在。
  • 服务器正在使用由内部CA签发的证书。
  • 服务器正在使用自签名证书。

您需要将根和中间证书添加到Java cacerts密钥库中。

一种获得根和中间证书的方法是通过在浏览器中访问服务器站点。点击URL栏中的安全锁图标,然后探索证书选项。您需要使用复制选项导出根和中间证书,并将证书文件保存到您的系统上。

前往例如:C:\Program Files\Java\jdk1.8.0_121\jre\lib\security,在那里找到cacerts并打开命令提示符来执行以下命令。

keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts

默认密码是changeit

英文:

The request is failing while making a connection from client to the server. The reason behind the failure is client inability to validate the server's identity/certificate. During the client-server handshaking process, the client needs issuer/root certificates to validate the server's identity. Most of the root certificates issued from well-known trusted authorities are shipped with the JDK, and present in the Keystore file, called cacerts.

Let's talk about your case. It could potentially fall into one of the following categories.

  • Server is using certificate issued from the certificate authority whose root and intermediate certificates are not present in the JDK.
  • Server is using a certificate issued from in house CA.
  • Server is using a self-signed certificate.

You need to add the root and intermediate certificates to the java cacerts key store.

One way to obtain the root and intermediate certificates by visiting the server site in the browser. Click on the secure lock pad in the url bar and explore the certificate option. You need to export the root and intermediate certificate by using the copy option and save the cert file on your system.

Go to the location eg: C:\Program Files\Java\jdk1.8.0_121\jre\lib\security where the cacerts is present and open the command prompt to execute the following command.

keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts

The default password is changeit

答案2

得分: 0

如果 cacerts 包括根 CA 证书,但仍然出现错误,请确保您的 Java 程序选择了正确的密钥库。可能会出现它选择了除 cacerts 之外的另一个密钥库。

英文:

If cacerts include the Root CA certificate and still you see the error, ensure that your java program is picking up the correct keystore. It can happen that it is picking up another keystore other than cacerts.

huangapple
  • 本文由 发表于 2020年8月19日 15:52:12
  • 转载请务必保留本文链接:https://go.coder-hub.com/63482370.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定