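I am trying to connect to an external SOAP service from AWS Lambda, but I get an exception.
com.sun.xml.internal.ws.client.Client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I ran into the same exception when calling the service from my local environment. It was resolved after importing the security certificate into the jre/lib/security folder with the keytool command.
How can I import an external security certificate in AWS to resolve the exception?
I have gone through the link below.
Note: I have the certificate from the browser, but I do not have the private key.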
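This is how I solved this problem:
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.apache.commons.io.IOUtils;

// locate the default truststore
String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(filename)) {
    // "changeit" is the default password of the JRE cacerts file
    keystore.load(fis, "changeit".toCharArray());
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// input stream to the cert file (CA_CERT holds the PEM-encoded certificate as a String)
Certificate caCert = cf.generateCertificate(IOUtils.toInputStream(CA_CERT, StandardCharsets.UTF_8));
keystore.setCertificateEntry("ca-cert", caCert);
// can only save to /tmp from a lambda
String certPath = "/tmp/CustomTruststore";
try (FileOutputStream out = new FileOutputStream(certPath)) {
    keystore.store(out, "MyPass".toCharArray());
}
// point the JVM's default TLS trust at the new truststore
System.setProperty("javax.net.ssl.trustStore", certPath);
System.setProperty("javax.net.ssl.trustStorePassword", "MyPass");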
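
An in-memory variant of the approach above, as an added example that is not part of the original answer: it goes one step further by building the truststore without writing a file to /tmp or hard-coding a truststore password. The class name `InMemoryTrust`, the method `build` and the PEM file path passed to `main` are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class InMemoryTrust {
    /** Returns an SSLContext trusting the JRE default CAs plus one extra PEM certificate. */
    static SSLContext build(byte[] extraCaPem) throws Exception {
        // Empty keystore held only in memory: no file in /tmp, no password.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);

        // init(null) selects the platform default truststore; copy its CAs across.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(alg);
        defaults.init((KeyStore) null);
        int i = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    ks.setCertificateEntry("default-" + i++, c);
                }
            }
        }

        // Add the extra certificate; only the public certificate is needed, no private key.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate extra = (X509Certificate)
                cf.generateCertificate(new ByteArrayInputStream(extraCaPem));
        extra.checkValidity(); // fail early on an expired or not-yet-valid certificate
        ks.setCertificateEntry("ca-cert", extra);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the PEM file (assumed to be bundled with the deployment package)
        SSLContext ctx = build(Files.readAllBytes(Paths.get(args[0])));
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

The default socket factory has to be set before the first HTTPS connection is opened, for example in the Lambda handler's static initializer.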