Unable to find valid certification path to requested target - error even after cert imported

野的像风 2020-11-22 13:12

I have a Java client trying to access a server with a self-signed certificate.

When I try to Post to the server, I get the following error:

un

10 answers
  • 2020-11-22 13:32

    You need to configure the JSSE system properties, specifically to point to the client certificate store.

    Via command line:

    java -Djavax.net.ssl.trustStore=truststores/client.ts com.progress.Client
    

    or via Java code:

    import java.util.Properties;
    ...
    Properties systemProps = System.getProperties();
    // Keystore: the client's own certificate and private key
    systemProps.put("javax.net.ssl.keyStorePassword", "passwordForKeystore");
    systemProps.put("javax.net.ssl.keyStore", "pathToKeystore.ks");
    // Truststore: the certificates the client trusts
    systemProps.put("javax.net.ssl.trustStore", "pathToTruststore.ts");
    systemProps.put("javax.net.ssl.trustStorePassword", "passwordForTrustStore");
    System.setProperties(systemProps);
    ...
    

    For more details, refer to the RedHat site.

  • 2020-11-22 13:33

    I had the same problem with sbt.
    It tried to fetch dependencies from repo1.maven.org over SSL
    but said it was "unable to find valid certification path to requested target url".
    So I followed this post and still failed to verify a connection.
    So I read about it and found that the root cert is not enough, as was suggested by the post, so
    the thing that worked for me was importing the intermediate CA certificates into the keystore.
    I actually added all the certificates in the chain and it worked like a charm.

  • 2020-11-22 13:36

    My problem was that a Cloud Access Security Broker, NetSkope, was installed on my work laptop through a software update. This was altering the certificate chain, and I was still not able to connect to the server through my Java client after importing the entire chain to my cacerts keystore. I disabled NetSkope and was able to successfully connect.

  • 2020-11-22 13:38

    In my case, I was facing the problem because my Tomcat process was given a specific keystore using

    -Djavax.net.ssl.trustStore=/pathtosomeselfsignedstore/truststore.jks
    

    Whereas I was importing the certificate to the cacert of JRE/lib/security, and the changes were not reflected. Then I ran the command below, where /tmp/cert1.test contains the certificate of the target server:

    keytool -import -trustcacerts -keystore /pathtosomeselfsignedstore/truststore.jks -storepass password123 -noprompt -alias rapidssl-myserver -file /tmp/cert1.test
    

    We can double-check whether the certificate import was successful:

    keytool -list -v -keystore /pathtosomeselfsignedstore/truststore.jks
    

    and see if your target server is found against the alias rapidssl-myserver.
