发表新帖
发表新帖

Ignore SSL Certificate in a Servlet

后端 未结
关注
3 1115
忘掉有多难
忘掉有多难 2021-02-19 04:21

I am getting the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.pro
3条回答
  • 孤独总比滥情好
    孤独总比滥情好 (楼主)
    2021-02-19 04:23

    Is the website certificate issued by a private/company-owned CA or is it a self-signed?

    ... new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() ...
    • Trustore is null:
      Did you try to load a keystore/file containing the trusted CAs + their chains?
    • isTrusted always returning "true":
      You're overriding the standard JSSE certificate verification process and trusting all, so no security at all.
    • That exception: means that the certificate verification failed. RootCA, or the whole CA-chain is missing.

    So it seems like Tomcat ignored your SSLContext. Used like that, the sslContext is useless anyway. Debugging results? JVM SSL settings? Exception stack trace?

    0 讨论(0)
 看不清?
提交回复
热议问题