问题
I am currently working on Mobile first version 8. While creating a java adapter to call a api through the following code I m receiving error "java.security.cert.CertificateException: PKIX path building failed mobile first java adapter error"
@GET
@Path("/unprotected")
@Produces(MediaType.TEXT_PLAIN)
@OAuthSecurity(enabled = false)
public String unprotected() {
StringBuffer content = new StringBuffer();
try {
URL url = new URL("Some Url");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
BufferedReader in =new BufferedReader(new inputStreamReader(con.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
content.append(inputLine);
logger.info("MYFind Data" + content.toString());
in.close();
con.disconnect();
} catch (Exception e) {
logger.info("" + e.getMessage());
}
return content.toString();
}
error found in the logfile from "C:\Users\Admin\MobileFirst-8.0.0.0\mfp-server\usr\servers\mfp\logs\messages.log"
E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.openweathermap.org, OU=EssentialSSL Wildcard, OU=Domain Control Validated was sent from the target host. The signer might need to be added to local trust store C:/Users/Admin/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
00000619 com.wether.JavaAdapterMainResource I java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
回答1:
The error message very clearly articulates the problem:
SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.openweathermap.org, OU=EssentialSSL Wildcard, OU=Domain Control Validated was sent from the target host. The signer might need to be added to local trust store C:/Users/Admin/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/key.jks
The certificate from the endpoint is signed by 'COMODO'. Verify if your Java cacerts and/or keystore configured in your Liberty server has the root CA. If not, add it.
回答2:
Yes i finally got the answer as uh said "SSL handshake is failing from a missing signer in your server". I just registered the my api url certificate to my mobile-first server.To do so with the software to import the certificate on server.
The url for software :- https://keystore-explorer.org/downloads.html
the path of file where to import certificate:-
C:\Users\Admin\MobileFirst-8.0.0.0\mfp-server\usr\servers\mfp\resources\security
Password:-"mobilefirst"
and just drag and drop the certificate of you api url
final setp to restart server
来源:https://stackoverflow.com/questions/54531303/how-to-solve-this-error-java-security-cert-certificateexception-while-calling