Ignore SSL Certificate in a Servlet

后端 未结 3 1129
忘掉有多难
忘掉有多难 2021-02-19 04:21

I am getting the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.pro         


        
3条回答
  •  孤独总比滥情好
    2021-02-19 04:23

    Is the website certificate issued by a private/company-owned CA or is it a self-signed?

    ... new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() ...
    
    • Trustore is null:
      Did you try to load a keystore/file containing the trusted CAs + their chains?
    • isTrusted always returning "true":
      You're overriding the standard JSSE certificate verification process and trusting all, so no security at all.
    • That exception: means that the certificate verification failed. RootCA, or the whole CA-chain is missing.

    So it seems like Tomcat ignored your SSLContext. Used like that, the sslContext is useless anyway. Debugging results? JVM SSL settings? Exception stack trace?

提交回复
热议问题