Unable to find valid certification path to requested target



I am making a POST request using restTemplate and getting the following error: unable to find valid certification path to requested target

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transformToListClass': Invocation of init method failed; nested exception is java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://emploenefitsdev/rion/v1/rion/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

My method is below:

    public ImageDescriptor generateImage(String payLoad, String templateName, String slogPrefix) {
        try {
            ImageDescriptor descriptor = new ImageDescriptor();
            // Base URL of the HTTPS service; the TLS handshake with this host is what fails
            String myUrl = "https://emploenefitsdev/rion/v1/rion/";
            String eURL = myUrl.concat(Constant.F_SLASH).concat(templateName);
            log.info("payload" + payLoad);
            // POST the payload and receive the generated document as a Resource
            ResponseEntity<Resource> responseEntity = restTemplate.exchange(
                    eURL,
                    HttpMethod.POST,
                    niService.getStringHttpEntityWithPayload(payLoad),
                    Resource.class);
            log.info(String.format("%s generateImage Result: [%s] ", slogPrefix, responseEntity.getStatusCode()));
            descriptor.setInputStream(Objects.requireNonNull(responseEntity.getBody()).getInputStream());
            convert(responseEntity.getBody().getInputStream(), "sherrr.pdf");
            log.info("file is:" + convert(responseEntity.getBody().getInputStream(), "sherrr.pdf"));

            return descriptor;
        } catch (IOException e) {
            e.printStackTrace();
            log.error("Error: " + slogPrefix + " generate image failed " + e.getMessage());
            throw new RuntimeException(e);
        }
    }

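The request fails when connecting from the client to the server. The reason for the failure is that the client cannot verify the identity/certificate of the server. During the client-server handshake, the client needs the issuer/root certificates to verify the server's identity. Most root certificates issued by well-known trusted authorities ship with the JDK and are present in a keystore file named cacerts.

Let's talk about your case. It may fall into one of the following categories.

  • The server is using a certificate issued by a certificate authority whose root and intermediate certificates are not present in the JDK
  • The server is using a certificate issued by an internal CA
  • The server is using a self-signed certificate

You need to add the root and intermediate certificates to the Java cacerts keystore.

One way to get the root and intermediate certificates is to visit the server site in a browser. Click the secure padlock in the URL bar and explore the certificate option. You need to export the root and intermediate certificates using the copy option and save the certificate files on your system.

Go to the location where cacerts is present, e.g. C:\Program Files\Java\jdk1.8.0_121\jre\lib\security, and open a command prompt to execute the following command.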

keytool -import -alias aliasName -file pathToRootCA.crt -keystore cacerts

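The default password is changeit.

If cacerts contains the root CA certificate but you still see the error, make sure your Java program is picking up the correct keystore. It may be picking up a keystore other than cacerts.

For those using openjdk, you can run the following command: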

sudo keytool -import -trustcacerts -keystore /opt/homebrew/Cellar/openjdk@17/17.0.8/libexec/openjdk.jdk/Contents/Home/lib/security/cacerts -storepass {your store password if any} -noprompt -alias {any random name alias} -file {your path to certificate.cer}

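Replace the JDK version above according to what you have installed on your machine. If you want to change the default Java version, you can run /usr/libexec/java_home -v 17. Replace 17 with the desired version.

To download the certificate for the URL, do the following:

  1. Open the URL in Chrome and click the lock button at the start of the address bar
  2. Click "Connection is secure"
  3. Then click the "Certificate is valid" pop-up
  4. Go to the "Details" tab and click "Export", which will download the certificate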
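
An added example, not part of the original question or answers: a small diagnostic for the point above that the program may be picking up a keystore other than cacerts. It reports which trust store the running JVM uses and whether the exported CA certificate is in it. The class name TrustStoreCheck and the file argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic; TrustStoreCheck is a hypothetical name. Run it with the same JVM
// and the same -Djavax.net.ssl.trustStore option (if any) as the failing application.
public class TrustStoreCheck {

    // CA certificates accepted by the JVM's default trust managers.
    static X509Certificate[] defaultTrustedIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        // JSSE lookup order: this property, then jssecacerts, then cacerts.
        String override = System.getProperty("javax.net.ssl.trustStore");
        String store = override != null ? override
                : Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        System.out.println("trust store : " + store);
        X509Certificate[] trusted = defaultTrustedIssuers();
        System.out.println("trusted CAs : " + trusted.length);
        if (args.length == 0) {
            System.out.println("usage: java TrustStoreCheck <exported-ca.crt>");
            return;
        }
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean found = Arrays.asList(trusted).contains(ca);
        System.out.println(ca.getSubjectX500Principal()
                + (found ? " is trusted by this JVM" : " is NOT trusted by this JVM"));
    }
}
```

If the application builds its own SSLContext for RestTemplate, this check reflects only the JVM default, not that custom trust store.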
