PKIX path building failed in Java application

悲&欢浪女 2020-11-30 02:38

I have been struggling for almost one week to get my applications up and running after moving my applications from Windows 2000 to Windows 2008 R2 Server.

The procedure:

6 answers
  • 2020-11-30 02:49

    I ran into similar issues whose cause and solution turned out both to be rather simple:

    Main Cause: Did not import the proper cert using keytool

    NOTE: Only import root CA (or your own self-signed) certificates

    NOTE: don't import an intermediate, non certificate chain root cert

    Solution Example for imap.gmail.com

    1. Determine the root CA cert:

      openssl s_client -showcerts -connect imap.gmail.com:993
      

      in this case we find the root CA is Equifax Secure Certificate Authority

    2. Download root CA cert.
    3. Verify downloaded cert has proper SHA-1 and/or MD5 fingerprints by comparing with info found here
    4. Import cert for javax.net.ssl.trustStore:

      keytool -import -alias gmail_imap -file Equifax_Secure_Certificate_Authority.pem
      
    5. Run your java code
  • 2020-11-30 02:51

    Per your pastebin, you need to add the proxy.tkk.com certificate to the truststore.

  • 2020-11-30 03:01

    You've imported the certificate into the truststore of the JRE provided in the JDK, but you are running the java.exe of the JRE installed directly.

    EDIT

    For clarity, and to resolve the morass of misunderstanding in the commentary below, you need to import the certificate into the cacerts file of the JRE you are intending to use, and that will rarely if ever be the one shipping inside the JDK, because clients won't normally have a JDK. Anything in the commentary below that suggests otherwise should be ignored as not expressing my intention here.

    A far better solution would be to create your own truststore, starting with a copy of the cacerts file, and specifically tell Java to use that one via the system property javax.net.ssl.trustStore.

    You should make building this part of your build process, so as to keep up to date with changes in the cacerts file caused by JDK upgrades.

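The approach from the answer above (copy cacerts into an application-owned truststore and point Java at it via javax.net.ssl.trustStore), written as a build step. This is an added example, not part of the original answer; the function names, alias and output path are assumptions, and the CA file is assumed to have had its fingerprint verified beforehand.

```shell
#!/bin/sh
# Added example: build an application truststore from a copy of the JRE's cacerts.
# Assumptions (not from the original page): function names, alias, output path,
# and the stock store password "changeit".

# Locate cacerts under a given java.home: <home>/lib/security first,
# then the JDK 8 layout where the JRE sits under <home>/jre.
find_cacerts() {
    for candidate in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts under $1" >&2
    return 1
}

# build_truststore JAVA_HOME CA_CERT_FILE ALIAS OUT_STORE [STOREPASS]
build_truststore() {
    java_home=$1 ca_file=$2 cert_alias=$3 out=$4 pass=${5:-changeit}
    [ -f "$ca_file" ] || { echo "missing CA cert: $ca_file" >&2; return 1; }
    src=$(find_cacerts "$java_home") || return 1
    # Work on a copy so the JRE's own cacerts is never modified.
    cp "$src" "$out.tmp" || return 1
    if ! keytool -importcert -noprompt -trustcacerts -alias "$cert_alias" \
            -file "$ca_file" -keystore "$out.tmp" -storepass "$pass" >&2; then
        rm -f "$out.tmp"
        return 1
    fi
    # Confirm the alias is really present before publishing the store.
    if ! keytool -list -alias "$cert_alias" -keystore "$out.tmp" \
            -storepass "$pass" >/dev/null; then
        rm -f "$out.tmp"
        return 1
    fi
    mv "$out.tmp" "$out"
    # JVM options to put on the java command line.
    printf '%s\n' "-Djavax.net.ssl.trustStore=$out -Djavax.net.ssl.trustStorePassword=$pass"
}

# Run as a build step only when arguments are supplied.
if [ "$#" -ge 4 ]; then
    build_truststore "$@"
fi
```

Pass the java.home of the JRE that actually launches the application, and start the JVM with the options the script prints.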
  • 2020-11-30 03:01

    If you are using Eclipse, just cross-check that Eclipse Windows -> Preferences -> Java -> Installed JREs is pointing to the current JRE and the JRE where you have configured your certificate. If not, remove the JRE and add the JRE where your certificate is installed.

  • 2020-11-30 03:13

    On Windows you can try these steps:

    1. Download a root CA certificate from the website.
    2. Find a file jssecacerts in the directory /lib/security with JRE (you can use a command System.out.println(System.getProperty("java.home")); to find the folder with the current JRE). Make a backup of the file.
    3. Download a program portecle.
    4. Open the jssecacerts file in portecle.
    5. Enter the password: changeit.
    6. Import the downloaded certificate with portecle (Tools > Import Trusted Certificate).
    7. Click Save.
    8. Replace the original file jssecacerts.
  • 2020-11-30 03:13

    In my case the issue was resolved by installing Oracle's official JDK 10 as opposed to using the default OpenJDK that came with my Ubuntu. This is the guide I followed: https://www.linuxuprising.com/2018/04/install-oracle-java-10-in-ubuntu-or.html
