问题
I am in a company, and need set proxy to connect to the Internet. The proxy setting is ok, because I can connect to other website, e.g. Neon - http://download.eclipse.org/releases/neon, but not for http://aws.amazon.com/eclipse.
The error message is:
Unable to read repository at https://aws.amazon.com/eclipse/content.xml. Unable to read repository at https://aws.amazon.com/eclipse/content.xml. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
The specific stack is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554) at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435) at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216) at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:394) at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263) at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 20 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 26 more
回答1:
This is because java is not recognizing root certificate authority (CA) SSL certificate of https://aws.amazon.com.
Solution is to add that certificate to java cacerts file so that it got permanently accepted.
Step 1 : Get root certificate of https://aws.amazon.com
CHROME BROWSER
- Open https://aws.amazon.com
- Select Inspect from context menu(right clicking on page) and navigate to security tab
- Click on view certificates
- Click on top most certificate on hierarchy and confirm it is tailed with Root CA phrase.
- drag and drop that image which you saw written certificate on desktop.
FIREFOX BROWSER
- Open https://aws.amazon.com
- click on the green lock button "show certificate"
- tab "details", "export"
Thats it! you got your root certificate!
Step 2 : Get that certificate added to java cacerts file.
- use keytool.exe inside your jre bin folder.
- fire following command to place your certificate inside cacerts file
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file /PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore /PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit
That is it! you got your problem resolved.
PLEASE NOTE
- Do confirm that the jre which is giving you this PKIX error(JRE used by eclipse or your app after deployment) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.
回答2:
Go to Eclipse -> Window -> Preferences -> Network Settings Change Active Provider to Direct Save Go back to Install Software Try again to pull from AWS Repo This time it will work
回答3:
Just flow the below steps in eclipse, 1) go to windows -> preference - > search for network connections 2) Change the active provider to direct.
Then try install software in eclipse and search for http://aws.amazon.com/eclipse. It will work.
回答4:
Try changing the Window/Preferences/Network settings from Native to Direct. Launch eclipse from CLI using "eclipse.exe -clean" Retry the update
来源:https://stackoverflow.com/questions/40371726/how-to-solve-the-connection-when-install-aws-toolkit-on-eclipse-neon