发表新帖
发表新帖

Unable to find valid certification path to requested target - error even after cert imported

前端 未结
关注
10 2021
野的像风
野的像风 2020-11-22 13:12

I have a Java client trying to access a server with a self-signed certificate.

When I try to Post to the server, I get the following error:

un

相关标签:
10条回答
  • 感情败类
    2020-11-22 13:32

    You need to configuring JSSE System Properties, specifically point to client certificate store.

    Via command line:

    java -Djavax.net.ssl.trustStore=truststores/client.ts com.progress.Client

    or via Java code:

    import java.util.Properties;
    ...
    Properties systemProps = System.getProperties();
    systemProps.put("javax.net.ssl.keyStorePassword","passwordForKeystore");
    systemProps.put("javax.net.ssl.keyStore","pathToKeystore.ks");
    systemProps.put("javax.net.ssl.trustStore", "pathToTruststore.ts");
    systemProps.put("javax.net.ssl.trustStorePassword","passwordForTrustStore");
    System.setProperties(systemProps);
    ...

    For more refer to details on RedHat site.

    0 讨论(0)
  • 醉话见心
    2020-11-22 13:33

    I had the same problem with sbt.
    It tried to fetch dependencies from repo1.maven.org over ssl
    but said it was "unable to find valid certification path to requested target url".
    so I followed this post and still failed to verify a connection.
    So I read about it and found that the root cert is not enough, as was suggested by the post,so -
    the thing that worked for me was importing the intermediate CA certificates into the keystore.
    I actually added all the certificates in the chain and it worked like a charm.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-11-22 13:36

    My problem was that a Cloud Access Security Broker, NetSkope, was installed on my work laptop through a software update. This was altering the certificate chain and I was still not able to connect to the server through my java client after importing the entire chain to my cacerts keystore. I disabled NetSkope and was able to successfully connect.

    0 讨论(0)
  • 栀梦
    2020-11-22 13:38

    In my case I was facing the problem because in my tomcat process specific keystore was given using 

    -Djavax.net.ssl.trustStore=/pathtosomeselfsignedstore/truststore.jks

    Wheras I was importing the certificate to the cacert of JRE/lib/security and the changes were not reflecting. Then I did below command where /tmp/cert1.test contains the certificate of the target server

    keytool -import -trustcacerts -keystore /pathtosomeselfsignedstore/truststore.jks -storepass password123 -noprompt -alias rapidssl-myserver -file /tmp/cert1.test

    We can double check if the certificate import is successful

    keytool -list -v -keystore /pathtosomeselfsignedstore/truststore.jks

    and see if your taget server is found against alias rapidssl-myserver

    0 讨论(0)
 看不清?
提交回复
热议问题