A certificate error arising from Java

Requesting the corresponding interface without the certificate installed fails with an exception:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

A colleague in the software group hit this error during a software upgrade. After looking at the error, my initial judgment was that it was caused by the Java JDK package and the company certificate not being installed.
Solution:

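Install the JDK
1. Download the Linux JDK
    #mkdir /application && cd /application
    #wget -O jdk-11.0.5_linux-x64_bin.tar.gz 'https://download.oracle.com/otn/java/jdk/11.0.5+10/e51269e04165492b90fa15af5b4eb1a5/jdk-11.0.5_linux-x64_bin.tar.gz?AuthParam=1571751391_d13df5b618e17c92b768f1f09a9ead41'
            # -O saves the file under a plain name, without the ?AuthParam=... query string
2. Install the JDK
    The download is the tar.gz binary release, so it only needs to be unpacked before use
    #mkdir -p /usr/local/java    # create the java directory
    #tar xf jdk-11.0.5_linux-x64_bin.tar.gz  -C /usr/local/java
            # unpack the JDK into the target directory
    #vim /etc/profile
    JAVA_HOME=/usr/local/java/jdk-11.0.5;export JAVA_HOME
            # JAVA_HOME must match the directory the archive unpacked to
    PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/lib
    #source /etc/profile
3. Upload and import the company certificate
    #cd /usr/local/java && rz
    Upload the company's crt certificate. Taking ours as an example, import server.crt
    # keytool -import -alias server.crt  -keystore $JAVA_HOME/lib/security/cacerts -file /usr/local/java/server.crt -trustcacerts
    # keytool is the command that imports the certificate; -file is the path of the certificate file, here under /usr/local/java
    # -alias is the alias the certificate is stored under, here the same as the certificate file name
    # -keystore must point at the JDK's trust store; a bare relative name such as cacerts is resolved against the current directory
Enter keystore password:       # prompts for the password; the default is changeit
Re-enter new password:     # the company certificate's content follows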
Owner: CN=*.luxshare-ict.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: 1294f3aa047d0ab5dba26e74866f4e8c
Valid from: Wed Jul 19 08:00:00 CST 2017 until: Sat Oct 17 07:59:59 CST 2020
Certificate fingerprints:
     MD5:  7E:BD:72:8C:B3:94:70:59:3A:CA:98:3E:1E:2B:98:86
     SHA1: 66:AF:D3:22:7F:C5:5B:B4:DC:1B:24:C2:17:D5:40:C3:7F:94:CB:EE
     SHA256: 04:4A:66:2D:CD:75:86:B8:E1:1F:D7:A6:3D:63:BF:6C:03:6F:AC:AC:45:57:32:F2:1C:C7:44:11:80:AC:10:ED
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.comodoca.com
]
]

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 90 AF 6A 3A 94 5A 0B D8   90 EA 12 56 73 DF 43 B4  ..j:.Z.....Vs.C.
0010: 3A 28 DA E7                                        :(..
]
]

#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1D 68 74 74 70 73 3A   2F 2F 73 65 63 75 72 65  ..https://secure
0010: 2E 63 6F 6D 6F 64 6F 2E   63 6F 6D 2F 43 50 53     .comodo.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.1]
[]  ]
]

#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#7: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#8: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.luxshare-ict.com
  DNSName: luxshare-ict.com
]

#9: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 9B 0D 21 28 B7 E3 79   C5 2D 7F FB 84 00 CD 31  ...!(..y.-.....1
0010: 34 E5 70 D3                                        4.p.
]
]

Trust this certificate? [no]:  y      # asks whether to trust this certificate; enter y
Certificate was added to keystore
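The step above completes the certificate import. To find out whether the import succeeded, test it with a command first:
# Look up a specific certificate
#keytool -list -keystore $JAVA_HOME/lib/security/cacerts |grep server    # show the company certificate
Enter keystore password:  changeit
server.crt, Nov 8, 2019, trustedCertEntry,        # the certificate entry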
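
The grep above only shows that an entry with that alias exists. As an added example (not from the original post), the hypothetical shell helper check_trust_entry below also compares the entry's SHA-256 fingerprint with the expected one. The sample keytool output is constructed from the alias and fingerprint shown on this page and assumes the JDK 9+ `keytool -list` layout.

```shell
#!/bin/sh
# Added example; check_trust_entry is a hypothetical helper, not part of keytool.
# It reads `keytool -list` output on stdin and checks one alias.
# Exit status: 0 = alias present and SHA-256 fingerprint matches,
#              1 = alias present but fingerprint differs, 2 = alias not found.
check_trust_entry() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    awk -v name="$1" -v want="$want" '
        # Entry line: "<alias>, <date>, trustedCertEntry,"
        /trustedCertEntry/ { split($0, f, ", "); cur = tolower(f[1]); next }
        # The line after an entry carries that entry fingerprint
        /^Certificate fingerprint \(SHA-256\): / {
            if (cur == tolower(name)) { found = 1; if (toupper($NF) == want) ok = 1 }
            cur = ""
        }
        END { if (ok) exit 0; if (found) exit 1; exit 2 }
    '
}

# Constructed sample of `keytool -list` output (JDK 9+ layout assumed).
# server.crt uses the alias and SHA-256 fingerprint shown on this page;
# other-ca and its fingerprint are made up.
sample_keytool_list() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

other-ca, Nov 8, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F
server.crt, Nov 8, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): 04:4A:66:2D:CD:75:86:B8:E1:1F:D7:A6:3D:63:BF:6C:03:6F:AC:AC:45:57:32:F2:1C:C7:44:11:80:AC:10:ED
EOF
}

PAGE_FP='04:4A:66:2D:CD:75:86:B8:E1:1F:D7:A6:3D:63:BF:6C:03:6F:AC:AC:45:57:32:F2:1C:C7:44:11:80:AC:10:ED'

# Real use (assumes the JDK 9+ trust store path and the default password):
#   keytool -list -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit \
#       | check_trust_entry server.crt "$PAGE_FP"
sample_keytool_list | check_trust_entry server.crt "$PAGE_FP" \
    && echo "server.crt: present, fingerprint matches"
```
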
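Later I checked with the colleague in the software group and found that it could be used normally, so the certificate problem arising from Java was solved. I am recording it here for future reference.
As for how to use the keytool command, see its man page.
Basically, to import a certificate, use keytool -import
     To view certificates, use keytool -list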

As for Windows, importing the certificate is easy; you can look it up on Baidu, or get in touch with me and I'll give it to you.

Origin www.cnblogs.com/wang50902/p/11832490.html