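While recently developing a Java client that accesses Azure Service Bus, I ran into an SSL certificate problem that made Java throw an error and prevented normal access. The error message was: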
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
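Solution: obtain the certificate for the domain of the site you need to access and import it into the JDK environment on the server.
java InstallCert [host]:[port]
Example: java InstallCert abc.com:443
After it runs, it lists the certificates for you to choose from; enter 1 and press Enter, and a jssecacerts file is generated in the current directory.
1. Export the certificate file
1) Use CMD to change to the directory that contains the jssecacerts file
2) Run the following command to export the certificate file:
keytool -exportcert -alias [host]-1 -keystore jssecacerts -storepass changeit -file [host].cer
Example: keytool -exportcert -alias www.abc.com-1 -keystore jssecacerts -storepass changeit -file www.abc.com.cer
2. Import the certificate file into the system keystore
keytool -importcert -alias [host] -keystore [path to system keystore] -storepass changeit -file [host].cer
Example: keytool -importcert -alias www.abc.com -keystore "C:\Program Files\Java\jre1.8.0_111\lib\security\cacerts" -storepass changeit -file www.abc.com.cer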
# Example:
java InstallCert woot.com:443
Loading KeyStore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts...
Opening connection to woot.com:443...
Starting SSL handshake...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
<...>
Server sent 1 certificate(s):
 1 Subject O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
   Issuer CN=SecureTrust CA, O=SecureTrust Corporation, C=US
   sha1 4b 46 ca 6b 83 05 b3 51 ff c6 e7 9c fd b3 9b e3 3f 2e c4 53
   md5 e8 a5 88 1b d5 67 bb fc 88 cc b1 c5 2b ac c4 7d
Enter certificate to add to trusted keystore or 'q' to quit: [1] [enter]
[
[
  Version: V3
  Subject: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
<...>
Added certificate to keystore 'jssecacerts' using alias 'woot.com-1'
keytool -exportcert -alias woot.com-1 -keystore jssecacerts -storepass changeit -file woot.com.cer
Certificate stored in file <woot.com.cer>
(sudo) keytool -importcert -alias woot.com -keystore /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/cacerts -storepass changeit -file woot.com.cer
Owner: O=Woot Inc, C=US, ST=Texas, L=Carrollton, CN=*.woot.com
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
<...>
Trust this certificate? [no]: yes
Certificate was added to keystore
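InstallCert saves whichever certificate the server presented during that one connection, so the import step above trusts it without any independent check. The following added example (not part of the original post or of the InstallCert project) compares the SHA-256 fingerprint printed by keytool -printcert with a value obtained out of band before importing. The function names, the truststore argument and the sample fingerprint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to import a certificate unless its SHA-256 fingerprint
# equals one obtained out of band (e.g. from the service owner).
# Function names and the sample fingerprint below are illustrative.

# Normalize a fingerprint: drop colons and whitespace, lowercase the hex.
# InstallCert prints "4b 46 ca ...", keytool prints "4B:46:CA:...".
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'A-F' 'a-f'
}

# Read `keytool -printcert` output on stdin and print its SHA256 line value.
# Assumes the label is printed as "SHA256:" as in the JDK's English output.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed only if the expected value is exactly 64 hex digits and both match.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    case "$a" in *[!0-9a-f]*|'') return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# import_if_pinned CERFILE ALIAS EXPECTED_SHA256 TRUSTSTORE
import_if_pinned() {
    actual=$(keytool -printcert -file "$1" | extract_sha256)
    if ! fp_matches "$3" "$actual"; then
        echo "fingerprint mismatch for $1, not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$2" -keystore "$4" \
        -storepass changeit -file "$1"
}

# Constructed sample of keytool's fingerprint line (not a real certificate).
SAMPLE_FP='00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
SAMPLE_OUT="Certificate fingerprints:
         SHA256: $SAMPLE_FP"

check_sample() {
    got=$(printf '%s\n' "$SAMPLE_OUT" | extract_sha256)
    fp_matches "$(norm_fp "$SAMPLE_FP")" "$got"
}
check_sample && echo "sample fingerprints match"
```

Run the JVM with -Djavax.net.ssl.trustStore pointing at the truststore passed as the fourth argument; starting from a copy of cacerts keeps the default CAs available without modifying the JDK's own file.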
Reference: https://github.com/escline/InstallCert