When working on an ETC project recently, javax.net.ssl.SSLHandshakeException occurred when calling the ETC interface.
Complete exception information:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The above exception information prompts: the request target did not find a valid certification path. The HTTPS secure network communication protocol is used to access the ETC interface. The cause of this problem is that the JVM environment where the application is located does not find the correct certificate file.
In fact, the solution is quite simple, that is, download the certificate of the interface address and install it in the environment where the JVM is located. Specific steps are as follows:
-
Step 1: Enter the address of the interface that the application needs to call on the browser, then press F12, and then click the View certificate button in the security column;
remember the name of the certificate:
-
Step 2: Enter in "Run"
certmgr.msc
, open the certificate management window, and find the certificate file we need to download;
-
Step 3: Select the certificate file that needs to be downloaded, then right-click the mouse -> All Tasks -> Export, and export the certificate to the local disk;
-
Step 4: Open the command window, and then execute the
keytool
command to install the certificate into the local environment;
参数说明:
-import 导入证书操作
-alias 秘钥对的别名
-keystore 秘钥对的路径及名称
-file 证书文件的路径
-trustcacerts 告诉keytool您要将其导入作为受信任的证书
E.g:
keytool -import -alias cacerts -keystore cacerts -file D:\JavaEE\JDK\jdk1.8.2\jre\lib\security\zsetc.crt -trustcacerts
Enter the password of the key store and press Enter.
If you want to view the installed certificates, you can execute the following command:
keytool -list -v -alias cacerts -keystore cacerts -storepass 秘钥库的口令
Delete certificate:
keytool -delete -alias cacerts -keystore cacerts -storepass 秘钥库的口令
In addition to the above methods, three new root certificates have been added to the JDK 8u101 version (https://bugs.openjdk.java.net/browse/JDK-8154757).
Therefore, the above problems can also be solved by upgrading the JDK.