Code
2023-05-19 07:00:09

“PKIX路径构建失败”和“无法找到请求目标的有效认证路径”

我试图使用twitter4j库为我的java项目获得推文,它在封面下使用java.net.HttpURLConnection(可以在堆栈跟踪中看到)。在我第一次运行时,我得到了一个关于证书sun.security.validator.ValidatorException和sun.security.provider.certpath.SunCertPathBuilderException的错误。然后我添加了twitter证书:

C:\Program Files\Java\jdk1.7.0_45\jre\lib\security>keytool -importcert -trustcacerts -file PathToCert -alias ca_alias -keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"

但是没有成功。以下是获取推文的流程:

public static void main(String[] args) throws TwitterException {
    ConfigurationBuilder cb = new ConfigurationBuilder();
    cb.setDebugEnabled(true)
        .setOAuthConsumerKey("myConsumerKey")
        .setOAuthConsumerSecret("myConsumerSecret")
        .setOAuthAccessToken("myAccessToken")
        .setOAuthAccessTokenSecret("myAccessTokenSecret");
    
    TwitterFactory tf = new TwitterFactory(cb.build());
    Twitter twitter = tf.getInstance();
    
    try {
        Query query = new Query("iphone");
        QueryResult result;
        result = twitter.search(query);
        System.out.println("Total amount of tweets: " + result.getTweets().size());
        List<Status> tweets = result.getTweets();
        
        for (Status tweet : tweets) {
            System.out.println("@" + tweet.getUser().getScreenName() + " : " + tweet.getText());
        }
    } catch (TwitterException te) {
        te.printStackTrace();
        System.out.println("Failed to search tweets: " + te.getMessage());
    }

这里是错误:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
    http://www.google.co.jp/search?q=d35baff5 or
    http://www.google.co.jp/search?q=1446302e
TwitterException{exceptionCode=[d35baff5-1446302e 43208640-747fd158 43208640-747fd158 43208640-747fd158], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.5}
    at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177)
    at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
    at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:81)
    at twitter4j.TwitterImpl.get(TwitterImpl.java:1929)
    at twitter4j.TwitterImpl.search(TwitterImpl.java:306)
    at jku.cc.servlets.TweetsAnalyzer.main(TweetsAnalyzer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at twitter4j.internal.http.HttpResponseImpl.<init>(HttpResponseImpl.java:34)
    at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:141)
    ... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 26 more
Failed to search tweets: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

当前回答

如果您正在使用CloudFoundry并遇到证书问题,那么您必须确保再次使用包含证书的keystore-service来推动jar。简单地解绑定、绑定和重新启动是行不通的。

2019-03-05 22:39:39

其他回答

当java应用程序试图与另一个应用程序/站点通信时,如果您在linux容器中看到此问题,这是因为证书已错误地导入到负载均衡器中。导入证书需要遵循一系列步骤,如果操作不正确,您将看到如下问题

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
certification path to requested target

一旦正确地导入了证书,就应该这样做。不需要修补任何JDK证书。

2019-07-03 20:11:18

1 .首先,将你的crt文件导入到{JAVA_HOME}/jre/security/cacerts中,如果你仍然遇到这个异常,改变你的jdk版本。例如,从jdk1.8.0_17到jdk1.8.0_231

2021-02-02 12:26:16

受信任的证书存储在密钥工具中。当没有在关键工具中添加任何网站受信任证书时,会发生此错误。除上述答案外,请参考

面对PKIX路径构建失败的异常硒断链接脚本

2022-10-04 05:22:29

在花了好几个小时试图构建证书文件以使我的Java 6安装能够与新的twitter证书一起工作之后,我终于无意中发现了一个隐藏在留言板上的评论中令人难以置信的简单解决方案。只需从Java 7安装中复制cacerts文件,并覆盖Java 6安装中的cacerts文件。可能最好先备份cacerts文件,但随后只需复制新文件,然后嘣!它就是有用。

注意,我实际上复制了一个Windows cacerts文件到Linux安装中,它工作得很好。

该文件位于旧的和新的Java jdk安装中的jre/lib/security/cacerts中。

希望这能帮别人省下几个小时的麻烦。

2014-02-02 05:55:14

这不是twitter特有的答案,但这是在搜索此错误时出现的问题。如果您的系统在连接到一个在web浏览器中查看时似乎具有有效证书的网站时接收到此错误,这可能意味着该网站具有不完整的证书链。

简单总结一下这个问题:证书颁发机构不会使用他们的根证书对任何旧证书进行签名。相反,它们(通常)签署也设置了证书颁发机构标志的中间证书(也就是说,允许签署证书)。然后,当您从CA购买证书时,他们将使用这些中间证书之一签署您的CSR。

您的Java信任存储区很可能只有根证书,而没有中间证书。

错误配置的站点可能只返回已签名的证书。问题:该站点使用的中间证书不在您的信任存储区中。浏览器将通过下载或使用缓存的中间证书来处理这个问题;这最大限度地提高了网站的兼容性。然而,Java和像OpenSSL这样的工具不会。这会导致问题中的错误。

您可以通过使用Qualys SSL测试来验证这种怀疑。如果你在网站上搜索,上面写着

此服务器的证书链不完整。

那就证实了这一点。您还可以通过查看认证路径并查看文本Extra Download来了解这一点。

How to fix it: the server administrator needs to configure the web server to return the intermediate certificates as well. For Comodo, for example, this is where the .ca-bundle file comes in handy. For example, in an Apache configuration with mod_ssl, you'd use the SSLCertificateChainFile configuration setting. For nginx, you need to concatenate the intermediate certificates and the signed certificate and use that in the SSL cert configuration. You can find more by searching for "incomplete certificate chain" online.

2017-11-30 00:13:45

推荐文章

aliyun

最新文章

标签

2025 code 京ICP备15047053号-1