访问外部SOAP Web服务时抛出异常:
javax.xml.ws.WebServiceException:
Failed to access the WSDL at:
https://<IP>/ws/services/Webservice?wsdl.
It failed with:
java.security.cert.CertificateException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target.
我无法访问这个URL,我需要为我的客户发送WAR文件,他需要在另一个环境中部署,即IBM Liberty应用程序服务器,他说已经在其中配置了三个证书:根证书、中间证书和真正的证书本身。
坚持必须在代码中重构一些东西,我在调用外部端点之前这样做了,并将证书作为certificateFile参数传递(它们都在src/main/resources中(:
Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(certificateFile));
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("server", certificate);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
if (url.contains("https")) {
HttpsURLConnection connection = (HttpsURLConnection) new URL(url).openConnection();
connection.setSSLSocketFactory(sslContext.getSocketFactory());
} else if (url.contains("http")) {
new URL(url).openConnection();
}
信任这些证书的真正步骤是什么?这些步骤必须在哪里完成(应用程序、服务器、机器JVM,等等(?
如果它在Liberty内部运行,则不需要任何特殊代码。他们可能需要将远程Web服务中的证书添加到Liberty的信任存储中,如下所示:https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_add_trust_cert.html