Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

名媛妹妹 2020-11-21 05:59

Edit: Tried to format the question and accepted answer in a more presentable way at my blog.

Here is the original issue.

22 Answers
  • 2020-11-21 06:03

    My cacerts file was totally empty. I solved this by copying the cacerts file off my Windows machine (that's using Oracle Java 7) and scp'd it to my Linux box (OpenJDK).

    cd %JAVA_HOME%/jre/lib/security/
    scp cacerts mylinuxmachin:/tmp
    

    and then on the Linux machine

    cp /tmp/cacerts /etc/ssl/certs/java/cacerts
    

    It's worked great so far.

  • 2020-11-21 06:03

    I have this problem too.

    I tried almost everything by adding the SSL cert to .keystore, but it was not working with Java1_6_x. For me it helped to start using a newer version of Java, Java1_8_x, as the JVM.

  • 2020-11-21 06:07

    In my case the issue was that the webserver was only sending the certificate and the intermediate CA, not the root CA. Adding this JVM option solved the problem: -Dcom.sun.security.enableAIAcaIssuers=true

    Support for the caIssuers access method of the Authority Information Access extension is available. It is disabled by default for compatibility and can be enabled by setting the system property com.sun.security.enableAIAcaIssuers to the value true.

    If set to true, Sun's PKIX implementation of CertPathBuilder uses the information in a certificate's AIA extension (in addition to CertStores that are specified) to find the issuing CA certificate, provided it is a URI of type ldap, http, or ftp.

    Source

  • 2020-11-21 06:08

    Another reason could be an outdated version of the JDK. I was using JDK version 1.8.0_60; simply updating to the latest version solved the certificate issue.

  • 2020-11-21 06:08

    I was using jdk1.8.0_171 when I faced the same issue. I tried the top 2 solutions here (adding a certificate using keytool and another solution which has a hack in it) but they didn't work for me.

    I upgraded my JDK to 1.8.0_181 and it worked like a charm.

  • 2020-11-21 06:09

    I wrote a small win32 (tested on WinXP 32-bit) stupid cmd (command-line) script which looks for all Java versions in program files and adds a cert to them. The password needs to be the default "changeit", or change it yourself in the script :-)

    @echo off
    
    rem Loop over every Java install directory; quotes keep paths containing spaces intact
    for /F "delims=" %%d in ('dir /B "%ProgramFiles%\Java"') do (
        rem Import the exported certificate into this install's cacerts truststore
        "%ProgramFiles%\Java\%%d\bin\keytool.exe" -import -noprompt -trustcacerts -file some-exported-cert-saved-as.crt -keystore "%ProgramFiles%\Java\%%d\lib\security\cacerts" -storepass changeit
    )
    
    pause
    
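A diagnostic for the causes named in the answers above (an empty cacerts file, an old JDK, a server chain that does not lead to a trusted CA), added here as an example and not code from any poster. The class name `PkixDiag` and the optional host/port arguments are assumptions; validation is delegated to the JVM's default trust manager and is never bypassed.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added diagnostic, not from the thread. Usage: java PkixDiag [host [port]]
public class PkixDiag {
    public static void main(String[] args) throws Exception {
        // Default trust manager, built from javax.net.ssl.trustStore or the JDK's cacerts.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager def = (X509TrustManager) tmf.getTrustManagers()[0];

        System.out.println("java.version: " + System.getProperty("java.version"));
        System.out.println("java.home: " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore: " + System.getProperty("javax.net.ssl.trustStore", "(unset, JDK default)"));
        System.out.println("enableAIAcaIssuers: " + System.getProperty("com.sun.security.enableAIAcaIssuers", "(unset)"));
        System.out.println("trust anchors: " + def.getAcceptedIssuers().length); // 0 = no CA certs loaded
        if (args.length == 0) return;

        // Wrapper that prints the chain the server presents, then runs the default check.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                def.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println("subject: " + c.getSubjectX500Principal());
                    System.out.println("  issuer: " + c.getIssuerX500Principal());
                }
                def.checkServerTrusted(chain, authType); // validation is NOT bypassed
            }
            public X509Certificate[] getAcceptedIssuers() { return def.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], port)) {
            s.startHandshake();
            System.out.println("handshake OK: path builds to a trust anchor");
        } catch (SSLHandshakeException e) {
            System.out.println("handshake FAILED: " + e.getMessage());
        }
    }
}
```

Run it with the same JVM and system properties as the failing application. Zero trust anchors points to the empty-cacerts case; a printed chain whose final issuer is not in the truststore points to a missing CA certificate.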