Java应用调用外部API时显示PKIX路径构建失败

huangapple go评论77阅读模式
英文:

Java application show PKIX path building failed when calling external api

问题

我的应用程序正在运行,用于从一个https网站上获取数据,比如说https://api.something.com。

当我使用Apache HttpClient调用时,使用HttpClients.createDefault()方法,它返回上述错误,显示PKIX路径构建失败。

即使我使用Postman调用该API,我仍然需要禁用SSL证书验证才能使调用成功。

我的问题是:

  1. 这是一种单向SSL验证吗?因为我没有向该域提交数据,我只是从中提取数据。所以服务器不需要知道我是谁。但我可以确定我确实调用了那个服务器,并且API响应也来自该域(没有中间人)。我的概念正确吗?

  2. 那么,要解决这个问题,我可以只使用一个虚拟的SSL上下文吗?

非常感谢。

英文:

My application is running for fetch data from a website with https:
let say
https://api.something.com

When I call with Apache HttpClient using HttpClients.createDefault();

It return the above error show PKIX path building failed.

Even I use Postman to call the api. I still need to disable SSL certification verification to make the call success.

My question is:

  1. Is this is a one way ssl verification? because I don't post data to that domain. I only pull data from it. So server don't have to know who I am. But I can know that's exactly the server I call, and api response is from that domain as well (no middle man). Is my concept correct?

  2. So to resolve this problem, can I just use a dummy sslContext?

thanks a lot

答案1

得分: 0

是的,这可能是一种 TLS 方式,但您应该在 Java(或其他客户端)的信任存储中拥有颁发服务器证书的 CA 的证书,以建立 SSL 连接。

英文:

Yes it may be one way TLS but you should have the certificate of CA that issued the certificate of your server in your trust store in java (or other client) to have SSL connection.

huangapple
  • 本文由 发表于 2020年10月19日 17:22:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/64424500.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定