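Solving the "PKIX: unable to find valid certification path to target" problem

Problem description
Over the past two days, when deploying to the test server, this exception suddenly started to appear: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Root cause
The security certificate needed for the https connection is missing, which causes the error.

Solution
Download the security certificate to the local machine =.= . After searching through material for a long time, I found the following source code from an expert and am sharing it here.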
Code attached:

/*
 * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of Sun Microsystems nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        // Arguments: host[:port] and an optional keystore passphrase.
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out
                    .println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        // Pick the keystore to start from: ./jssecacerts if present,
        // otherwise the JRE's jssecacerts, otherwise the JRE's cacerts.
        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib"
                    + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        // Wrap the default trust manager so the server's chain is recorded
        // during the handshake.
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf
                .getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out
                .println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(
                System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        // Print subject, issuer and fingerprints of each certificate sent.
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject "
                    + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out
                .println("Enter certificate to add to trusted keystore or \"q\" to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }

        // Add the chosen certificate and write the result to ./jssecacerts.
        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out
                .println("Added certificate to keystore \"jssecacerts\" using alias \""
                        + alias + "\"");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(" ");
        }
        return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        // Left as in the original: a JSSE version that calls this method during
        // the handshake gets the UnsupportedOperationException seen in the
        // sample run; the chain has already been saved by then.
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Record the chain first, then delegate to the default check.
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}
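1. First compile the java file into a class file with the javac command: javac InstallCert.java
2. The current directory now contains the files InstallCert.class and InstallCert$SavingTrustManager.class
3. Run InstallCert.class and pass in the argument: java InstallCert host:port. From the author's source code you can see that the default port is 443.
The following information is then output: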
G:\com>java InstallCert www.baidu.com
Loading KeyStore C:\Program Files\Java\jre1.8.0_191\lib\security\cacerts...
Opening connection to www.baidu.com:443...
Starting SSL handshake...

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at InstallCert.main(InstallCert.java:95)
Caused by: java.lang.UnsupportedOperationException
        at InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:180)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        ... 3 more

Server sent 2 certificate(s):

 1 Subject CN=baidu.com, O="Beijing Baidu Netcom Science Technology Co., Ltd", OU=service operation department, L=beijing, ST=beijing, C=CN
   Issuer  CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
   sha1    d6 aa f8 cf a0 e0 23 65 47 fc 2a 89 4f 89 5e c9 47 24 a6 0d
   md5     fd 63 96 dc 4e 9f 1e a9 16 51 d6 87 73 4d 39 76

 2 Subject CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
   Issuer  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
   sha1    90 2e f2 de eb 3c 5b 13 ea 4c 3d 51 93 62 93 09 e2 31 ae 55
   md5     d3 e8 70 6d 82 92 ac e4 dd eb f7 a8 bb bd 56 6b

Enter certificate to add to trusted keystore or "q" to quit: [1]
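4. Enter q to quit, or 1 to download. Enter 1 and wait for the program to finish; a security file named jssecacerts is generated in the current directory.
5. Copy the certificate to the $JAVA_HOME/jre/lib/security directory
6. Restart the web server
Done~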
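Once the file from step 4 is copied in step 5, every default TLS connection made by that JVM trusts what it contains, so it is worth checking what it adds before copying it. The following is an added example, not part of the original post or of InstallCert: it lists the entries in the generated jssecacerts that the stock cacerts does not hold, with SHA-256 fingerprints that can be compared with a value obtained from the server's administrator. The class name TrustStoreDiff, the default paths and the changeit passphrase are assumptions based on the run shown above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added example (not from the original post): report what jssecacerts trusts beyond cacerts.
public class TrustStoreDiff {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    static String sha256(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Fingerprints of every certificate held in a keystore.
    static Set<String> fingerprints(KeyStore ks) throws Exception {
        Set<String> out = new HashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c != null) out.add(sha256(c));
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Assumed defaults: stock store under java.home, generated file in the current directory.
        String base = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        String generated = args.length > 1 ? args[1] : "jssecacerts";
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        Set<String> known = fingerprints(load(base, pass));
        KeyStore added = load(generated, pass);
        // Print only the entries whose certificate is absent from the stock store.
        for (String alias : Collections.list(added.aliases())) {
            Certificate c = added.getCertificate(alias);
            if (c != null && !known.contains(sha256(c)))
                System.out.println(alias + "  sha256=" + sha256(c));
        }
    }
}
```

Run it as java TrustStoreDiff in the directory that holds the generated jssecacerts; after the procedure above the only line printed should be the alias InstallCert reported, in the form host-number.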
When reposting, please cite the address of this article: http://systransis.cn/yun/74032.html