2. 程式人生 > 其它 >解決報錯:PKIX:unable to find valid certification path to requested target !

解決報錯:PKIX:unable to find valid certification path to requested target !

阿新 發佈:2021-01-18

技術標籤:DevOpsjenkinsdevops

一、簡介
該錯誤主要是請求https網站時,服務端無法驗證客戶端資訊。需要客戶端安裝證書。
目前博主是在使用Jenkins下載外掛時遇到的該問題。
觸類旁通,訪問其他https網站時遇到該問題,也可使用如下方式解決

二、解決方案
2.1 建立InstallCert.java檔案

import java.net.Proxy;
import java.net.Socket;
import java.net.InetSocketAddress;
import javax.net.ssl.*;
import java.io.*;
import java.
 
security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Class used to add the server's certificate to the KeyStore
 * with your trusted certificates.
 */
public class InstallCert {

    public static void main
 
(String[] args) throws Exception {

        String host       = null;
        int    port       = -1;
        char[] passphrase = null;

        // proxy
        boolean           useProxy   = false;
        String            proxyHost  = null;
        int               proxyPort  = -1;
        InetSocketAddress proxyAddr  =
 
 null;
        Socket            underlying = null;

        int numArg = 0;
        int nbArgs = args.length;
        boolean invalidArgs = false;
        boolean isQuiet = false;
        while (numArg < nbArgs) {
            String arg = args[numArg++];
            if (arg.startsWith("--proxy=")) {
                String proxy = arg.substring("--proxy=".length());
                useProxy = true;
                String[] c = proxy.split(":");
                proxyHost = c[0];
                proxyPort = Integer.parseInt(c[1]);  // proxy port is mandatory (we don't default to 8080)
            }
            else if (arg.startsWith("--quiet")) {
                isQuiet = true;
            }
            else if (host == null) {  // 1st argument is the "host:port"
                String[] c = arg.split(":");
                host = c[0];
                port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            }
            else if (passphrase == null) {  //  2nd argument is the keystore passphrase
                passphrase = arg.toCharArray();
            }
            else {
                invalidArgs = true;  // too many args
            }
        }

        if (host == null) {
            invalidArgs = true;
        }

        if (invalidArgs) {
            System.out.println("Usage: java InstallCert [--proxy=proxyHost:proxyPort] host[:port] [passphrase] [--quiet]");
            return;
        }

        // default values
        if (port       == -1  ) { port       = 443; }
        if (passphrase == null) { passphrase = "changeit".toCharArray(); }

        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        if (useProxy) {
            proxyAddr = new InetSocketAddress(proxyHost, proxyPort);
            underlying = new Socket(new Proxy(Proxy.Type.HTTP, proxyAddr));
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + (useProxy ? (" via proxy "+proxyHost+":"+proxyPort) : "") + " ...");
        SSLSocket socket;
        if (useProxy) {
            underlying.connect(new InetSocketAddress(host, port));
            socket = (SSLSocket) factory.createSocket(underlying, host, port, true);
        } else {
            socket = (SSLSocket) factory.createSocket(host, port);
        }
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        int k;
        if (isQuiet) {
            System.out.println("Adding first certificate to trusted keystore");
            k = 0;
        }
        else {
            System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
            String line = reader.readLine().trim();
            try {
                k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
            } catch (NumberFormatException e) {
                System.out.println("KeyStore not changed");
                return;
            }
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            // This change has been done due to the following resolution advised for Java 1.7+
            // http://infposs.blogspot.kr/2013/06/installcert-and-java-7.html
            return new X509Certificate[0];
            //throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }

}

2.2 生成證書檔案
在該java檔案所在的目錄下,開啟cmd介面

執行 `javac InstallCert.java`

會生成如下所示兩個class檔案
在這裡插入圖片描述

然後執行 `java InstallCert.java targetHost`
targetHost 為需要訪問的域名地址
例如:博主這裡要訪問的是清華大學開源映象網站(https://mirrors.tuna.tsinghua.edu.cn/)
執行 `java InstallCert.java mirrors.tuna.tsinghua.edu.cn`

然後在當前目錄下會生成一個 jssecacerts 檔案

2.3 複製 jssecacerts 檔案
jssecacerts 檔案複製到 $JAVA_HOME/jre/lib/security 目錄下
$JAVA_HOME 為大家JDK安裝的目錄

然後重啟Jenkins即可

相關推薦

解決PKIXunable to find valid certification path to requested target

技術標籤DevOpsjenkinsdevops 一、簡介 該錯誤主要是請求https網站時,服務端無法驗證客戶端資訊。需要客戶端安裝證書。 目前博主是在使用Jenkins下載外掛時遇到的該問題。 觸類旁通,訪問其他https網站時遇到

解決https負載unable to find valid certification path to requested target

一.錯誤原因 Java在訪問SSL加密的網站時,需要從JDK的KeyStore 裡面去查詢相對應得可信證書,如果不能從預設或者指定的KeyStore 中找到可信證書,就會這個錯誤。另外,Java所使用的證書倉庫並不是Windows系統自帶的

解決Android studio 3.6.1 出現Cause: unable to find valid certification path to requested target 的問題

1、首先修改根目錄下的build.gradle成如下格式 // Top-level build file where you can add configuration options common to all sub-projects/modules.

maven配置下載包 解決SunCertPathBuilderExceptionunable to find valid certification path to requested target

解決 『SunCertPathBuilderExceptionunable to find valid certification path to requested target』 問題

JAVA 祕鑰管理工具 keytool 解決 PKIX path building failed(unable to find valid certification path to request)

Jenkins 遇到無法安裝外掛的問題,後臺執行 網上搜了一些文章,確認這個問題是Java執行環境沒有設定證書,導致Https請求無法正常相應。

Android Studio出現:Cause: unable to find valid certification path to requested target問題解決

Android Studio , Flutter , IDEA 工程 unable to find valid certification path to requested target 最新解決方案Android Studio工程進入到我這篇部落格之前,相信大家都看過這篇文章啦,徹底解決unable to f

【Java】解決javamail ssl 測試unable to find valid certification path to requested target

執行 java InstallCert imap.exmail.qq.com:993(smtp協議埠) 得到jssecacerts檔案後複製到jdk1.6.0_14\\jre\\lib\\security目錄

java連線MySQL時報unable to find valid certification path to requested target

java連線mysql資訊 05-Dec-2020 13:56:59.027 嚴重 [localhost-startStop-1] org.apache.catalina.core.StandardContext.filterStart 啟動過濾器異常

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

問題截圖無法找到請求目標的有效證書路徑 jar包更新失敗.lastUpdated 資訊

Android Studio出现:Cause: unable to find valid certification path to requested target问题解决

Android Studio , Flutter , IDEA 工程报错 unable to find valid certification path to requested target 最新解决方案Android Studio工程进入到我这篇博客之前,相信大家都看过这篇文章啦,彻底解决unable to fin

AndroidStudio構建專案提示錯誤資訊“unable to find valid certification”的完美解決方案

手抖了一下,把AS升級到了最新版本,然後就悲劇了,公司的專案跑不起來,提示“unable to find valid certification”,新建專案也是一樣的提示。之前總結的解決方案都用了,沒一個好使的,經過兩個下午的折騰,終於

基於Springboot2.3訪問本地路徑下靜態資源的方法(解決Not allowed to load local resource)

最近在做的一個專案中有一個比較奇葩的需求 要在springboot中,上傳本地的圖片進行展示

Intellij-解決import sun.misc.BASE64Decoder無法找到

原部落格地址http://www.cnblogs.com/wsygdb/p/7890237.html 原因JDK從1.8升級到9.0.1後sun.misc.BASE64Decoder和sun.misc.BASE64Encoder不可用

第一次使用androidx,解決More than one file was found with OS independent,‘META-INF/androidx..‘

提示錯誤為More than one file was found with OS independent ‘META-INF/androidx.vectordrawable_vectordrawable.version’ 我做的工作,本身專案為androidx配置的專案,這個時候我添加了一個Activity

【python】解決沒有sklearn.cross_validation模組,sklearn.model_selection模組的

技術標籤python 問題 Python指令碼 ModuleNotFoundError: No module named ‘sklearn.cross_validation

解決IOError: broken data stream when reading image file

技術標籤pythonpython 如下 File "/Library/Python/2.6/site-packages/PIL/ImageFile.py", line 215, in load raise_ioerror(e)

解決yii2 ajax post提交 Bad Request (#400)---Unable to verify your data submission方案

技術標籤Yii框架 解決yii2 ajax post提交 Bad Request #400--Unable to verify your data submission方案

如何解決資訊Error in UseMethod(“filter_”) 在使用dplyr包的filter() 時候

資訊如下 Error in UseMethod("filter_") : no applicable method for \'filter_\' applied to an object of class "character"

List插入資料庫oracle-00926缺失VALUES關鍵字

在資料入庫的時候——oracle-00926缺失VALUES關鍵字. 這是我的SQL <insertid=\"xxxInsert\" parameterType=\"java.util.List\">

Vue——解決 Computed property &quot;****&quot; was assigned to but it has no setter.

  在最近的專案中遇到了如下的警告資訊    [Vue warn]:Computed property \" currentStep\" was assigned to but it has no setter.(意思是計算屬性 currentStep被賦值了,但此它並未定義 set方法 。)