我的程序中有一些代码可以设置套接字连接,然后写入远程服务器。
//Get Socket, set timeout, and initialize I/O streams
SSLSocket sock = null;
try {
InetAddress host = InetAddress.getByName("212.32.251.215");
int port = 55540;
SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
sock = (SSLSocket) sslsocketfactory.createSocket(host, port);
} catch (Exception e) {
e.printStackTrace();
}
sock.setSoTimeout(100000);
OutputStream out = sock.getOutputStream();
BufferedInputStream in = new BufferedInputStream(sock.getInputStream());
//Get Message (Compress and Encrypt)
byte[] msg = buildMsg();
//Send message to Server
out.write(msg);
out.flush();
在我的本地机器上,一切运行顺利,但在我的云服务器上,我遇到了一个熟悉的错误——javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target。
我已确保证书与keytool -list -v -keystore /etc/pki/java/cacerts -alias myalias一起在证书中。 我还检查了此 cacerts 是否是我的 java 应用程序的默认信任库,其返回System.getProperty("javax.net.ssl.trustStore");/etc/pki/java.话虽如此,我什至尝试过System.setProperty("javax.net.ssl.trustStore", "/etc/pki/java/cacerts");有人的建议,他说Tomcat忽略了他们的默认信任商店。 另外,是的,这是我服务器中所有 jre 版本的 cacerts 位置,每个 jre 都有一个 cacerts,但它是指向这个规范位置的符号链接。
在这一点上,我不知道为什么我仍然得到这个错误; 任何建议或解决方案都值得赞赏。谢谢。
我最终通过显式创建一个 trustStore 来解决这个问题,而不是依靠 java 来找到它。
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(mypath), password.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);
SSLContext sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sslsocketfactory = sslcontext.getSocketFactory();
InetAddress host = InetAddress.getByName("212.32.251.215");
int port = 55540;
sslsocket = (SSLSocket) sslsocketfactory.createSocket(host, port);