1.最近发现java发送https请求时,会报一个证书异常现象(个人的是在本地windows系统上可以正常访问https路径,但在linux系统上不能访问,后来发现是因为本地%JAVA_HOME%/jre/lib/security和linux上的cacerts证书版本不一致,linux上的是2015-4-16的,比较落后了) -->报错全部信息如下 异常堆栈信息:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.ssl.Alerts.getSSLException(Alerts.java:192) sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) sun.security.ssl.Handshaker.process_record(Handshaker.java:914) sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354) org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
2.根本原因: Java在请求某些不受信任的https网站时会报:PKIX path building failed
3.解决办法: 1)、导入证书到本地证书库
2)、信任所有SSL证书
4.网上推荐使用 3.2,个人尝试了一下不行,这里讲解个人的解决方式
![](https://img.laitimes.com/img/__Qf2AjLwojIjJCLyojI0JCLicGcq5iNhRDOmJWZxIjY1MGO4kjNlZjMmRTYjFWN2cjY1kDZkZjZ18CX0VmbjN3bvwFdl5mLh5WaoN2cv5yZtl2Yz92Lc9CX6MHc0RHaiojIsJye.jpg)
将最新的cacerts文件,替换到linux服务器上\jre\lib\security\目录下,替换老版本的证书
版权声明:本文为CSDN博主「weixin_33869377」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/weixin_33869377/article/details/92335787