OpenJDK 10拒绝所有SSL证书。
OpenJDK 10拒绝所有SSL证书。
提问于 2019-05-31 20:19:14
我安装了OpenJDK 10,我所做的就是解压它,设置PATH变量和JAVA_HOME变量。
Java甚至拒绝google.de的证书(以及我尝试过的所有其他证书)。我通过一些尝试连接的虚拟类对此进行了测试。结果是:
C:\Users\Alexander\Downloads>java SSLPoke google.de 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:226)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947)
at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1777)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:264)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:733)
at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:67)
at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:81)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 18 more我在网上找到了很多如何向java添加特殊证书的方法,但我认为在我的java安装中,总体上有些地方是错误的。
所以我的问题是什么会导致这样的事情?
回答 2
Stack Overflow用户
发布于 2019-05-31 20:27:32
您应该在cacerts密钥库中验证根证书。该文件存储在JAVA_HOME/jre/lib/security/cacerts中(在较新的Java版本中为JAVA_HOME/lib/security/cacerts )。根据OpenJDK 10 Now Includes Root CA Certificates帖子,您可以使用keytool命令对它们进行计数:
>jdk-10\bin\keytool -cacerts -list | find "Certificate" /c
Enter keystore password: changeit
80很可能您的Java安装已损坏,您应该重新安装。请注意,OpenJDK是由多个供应商提供的,您可能正在使用不安装根证书的安装程序。
Stack Overflow用户
发布于 2019-05-31 21:31:31
最终安装了oracle jdk 10 (也是10.0.2),并且工作正常
C:\Users\Alexander\Downloads>java "SSLPoke" google.de 443
Successfully connected页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/56395019
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号