Unable to find valid certification path to requested target - error even after cert imported

前端 未结 10 2054
野的像风
野的像风 2020-11-22 13:12

I have a Java client trying to access a server with a self-signed certificate.

When I try to Post to the server, I get the following error:

un

10条回答
  •  栀梦
    栀梦 (楼主)
    2020-11-22 13:23

    Unfortunately - it could be many things - and lots of app servers and other java 'wrappers' are prone to play with properties and their 'own' take on keychains and what not. So it may be looking at something totally different.

    Short of truss-ing - I'd try:

    java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=trustStore ...
    

    to see if that helps. Instead of 'all' one can also set it to 'ssl', key manager and trust manager - which may help in your case. Setting it to 'help' will list something like below on most platforms.

    Regardless - do make sure you fully understand the difference between the keystore (in which you have the private key and cert you prove your own identity with) and the trust store (which determines who you trust) - and the fact that your own identity also has a 'chain' of trust to the root - which is separate from any chain to a root you need to figure out 'who' you trust.

    all            turn on all debugging
    ssl            turn on ssl debugging
    
    The   following can be used with ssl:
        record       enable per-record tracing
        handshake    print each handshake message
        keygen       print key generation data
        session      print session activity
        defaultctx   print default SSL initialization
        sslctx       print SSLContext tracing
        sessioncache print session cache tracing
        keymanager   print key manager tracing
        trustmanager print trust manager tracing
        pluggability print pluggability tracing
    
        handshake debugging can be widened with:
        data         hex dump of each handshake message
        verbose      verbose handshake message printing
    
        record debugging can be widened with:
        plaintext    hex dump of record plaintext
        packet       print raw SSL/TLS packets
    

    Source: # See http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug

提交回复
热议问题