Java 中的 SSL 密钥和客户端身份验证
我正在连接到 Web 服务 SSL 客户端身份验证,我通过以下方式设置密钥库:
System.getProperties().setProperty("javax.net.ssl.keyStore",
"d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");
调用 Web 服务时:
GetAccountBalanceResponse resp = services.getAccountBalance(request);
出现以下错误
WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
... 2 more
密钥库包含客户端的私有证书,该证书有效并且在浏览器中使用时工作正常。我应该如何修复它?
非常感谢。
I am connecting to a webservice SSL client auth, I set up the keystore by:
System.getProperties().setProperty("javax.net.ssl.keyStore",
"d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");
When calling the webservice:
GetAccountBalanceResponse resp = services.getAccountBalance(request);
I get a following error
WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
... 2 more
The keystore containes the private certificate for the client, the certificate is valid and works fine when used in the browser. How should I fix it?
Many thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当签署服务器证书的 CA 不是众所周知的 CA 之一或者该 CA 的公共证书不在客户端的信任存储中时,就会发生此错误。要解决此问题,您必须将 CA 的公共证书添加到客户端的信任存储中。
请参阅无法找到请求目标的有效证书路径和不再有“无法找到请求的有效证书路径”的情况target' 获取详细说明。
This error occurs when the CA which signed the server cert is either not one of the well know CAs or the public certificate of the CA is not in the trust store of the client. To get around this you will have to add the public certificate of the CA to the trust store of the client.
See unable to find valid certification path to requested target and No more 'unable to find valid certification path to requested target' for detailed instructions.