SSL handshake failure - unable to find valid certification path to requested target

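Problem description

We are unable to connect to an https website from Java. We get the error "unable to find valid certification path". After enabling java.net debug logging, I found the following log. I can't figure out what the problem is. The operating system used here is Windows, but I also found that it works fine on some other machines. Any help would be appreciated.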



[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6A 19 D6 FF 22 F3 80 A9   0E A8 E3 14 24 10 FC E6  j...".......$...
0010: 33 5A F6 55                                        3Z.U
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:

]
chain [1] = [
[
  Version: V3
  Subject: EMAILADDRESS=support@fortinet.com, CN=FG380D3917800028, OU=Certificate Authority, O=Fortinet, L=Sunnyvale, ST=California, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 28221333724249516057731819561760398578507949032034777063361608650335936245825091132173774481287280336241037237714149159264869968133323515370756324777569666060937733472504967577381693074262134360955447955311078707268255431573272027086515405348333292006017601873861279276100396983742695690610449198248361991168795391926365693059761159899722879193770898399250362336274365607829045831588234406905977364279286752525587203321936207325790702456762629054309593962647422884106981897362572959942178334880113931073724281938078022950800684501641480584707329993654588732092664556366659194747070324124914022623228996675639770318141
  public exponent: 65537
  Validity: [From: Tue Dec 12 08:22:19 AST 2017,
               To: Mon Dec 13 08:22:19 AST 2027]
  Issuer: EMAILADDRESS=support@fortinet.com, CN=FG380D3917800028, OU=Certificate Authority, O=Fortinet, L=Sunnyvale, ST=California, C=US
  SerialNumber: [    3c1f0e9b e2307009]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA256withRSA]
  Signature:

]
***
%% Invalidated:  [Session-161, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
pool-2-thread-1, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
pool-2-thread-1, WRITE: TLSv1.2 Alert, length = 2
pool-2-thread-1, called closeSocket()
pool-2-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
pool-2-thread-1, called close()
pool-2-thread-1, called closeInternal(true)
2020-09-21 16:32:11.092  INFO 1352 --- [-exec-3 : KWT-CLX-3dff8-7ZXhAweL4zc-324532-prm-7ZXhCVGz3xX] VintajaGate.class                        : response session time exceptionjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.lang.Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Tags: java, ssl, https

Solution


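As dave_thompson_085 suggested, the firewall was intercepting the SSL handshake. I had to install Fortinet's certificate in my truststore, and that solved the problem. The catch is that this certificate is self-signed, so it has to be installed on every machine; on the other machine it was already installed.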

