当遇到'unable to find valid certification path to requested target'错误时,可以通过下载证书并将其添加到信任存储来解决。使用特定命令从URL下载证书,并保存为独立文件。接着,利用keytool工具将证书导入JRE信任存储,确保每个导入的别名不同,且使用正确的信任存储密码。重新启动应用后,SSL问题应得到解决。
参考文档:Solve “unable to find valid certification path to requested target” | Packagecloud Blog
An alternate way to download the certificate is to use the below command with the URL you want to access.
openssl s_client -showcerts -connect <URL:443>
The command will output all the certificates included in the chain. The output will be as follows.
CONNECTED(00000003)
depth=2 C = USO = Google Trust Services LLCCN = GTS Root R1
verify return:1
depth=1 C = USO = Google Trust Services LLCCN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
0 s:CN = *.google.com
i:C = USO = Google Trust Services LLCCN = GTS CA 1C3
-----BEGIN CERTIFICATE-----
O/B/H91EeIB4q+nmRO
tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH....
-----END CERTIFICATE-----
Save each of them as a file with unique names. Ensure that you copy both the BEGIN CERTIFICATE and END CERTIFICATE part.
4. The next step is to add the certificate to the trust store. This can be done using the keytool utility.
sudo keytool -importcert -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -file ~/Downloads/cert_file.crt -alias "root_cert"
While importing multiple certificatesensure that the alias name is different for each of them. The default password for the JRE trust store is ‘changeit’. If you have changed this passwordensure to use the correct password.
Once this is donerestart your application and everything should be fine.
上面命令 加上 : > cer.cert
即可导出完整的文件
扫一扫
3970
到【灌水乐园】发言
