1

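I have a Java application that connects to some web services. When I try to call a function of the web service, I get an exception.

However, if I call the same web service function from another web application deployed on a Tomcat 7 server, it works fine.

The only difference is that I have a keystore.jks file in Tomcat's home folder.

How can I make my Java application use that keystore.jks file, since my guess is that this is the reason my application does not work?

Here is the stack trace of the exception: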

2013-10-11 15:24:14.0685 DEBUG main org.apache.axis.enterprise – Mapping Exception to AxisFault
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode: 
 faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 faultActor: 
 faultNode: 
 faultDetail: 
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.tieto.issuing.ws.Issuing.IssuingSoapBindingStub.addCardToStop(IssuingSoapBindingStub.java:2398)
    at ge.ufc.cscupdator.utils.IssuingWsOperationManager.addCardToStopList(IssuingWsOperationManager.java:74)
    at ge.ufc.cscupdator.CardStopCauseUpdator.main(CardStopCauseUpdator.java:51)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
4

2 Answers

1

This error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

indicates that the client received the SSL certificate chain from the server but was not able to verify this chain using the trust anchor (aka root CA) certificates. The default trust anchor list is stored in the lib/security/cacerts keystore file in the Java home directory.

To specify another trust store for the SSL trust anchor (in that case it is called a trust store) you have to pass this option to the client:

-Djavax.net.ssl.trustStore=/path/to/truststore

This trust store should contain the Root CA certificate of the server SSL certificate chain. Actually keystore.jks may contain this certificate but it also may not. I suggest you use the keytool tool with the -list command to verify if the root CA certificate is present.

answered 2013-10-11T14:33:19.003
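The check and the trust store switch described in the answer above can also be done from code. This is an added example, not part of the original answer; the class name `TrustStoreCheck`, the command-line arguments and the `changeit` default password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumptions: args[0] is the store to inspect (e.g. Tomcat's keystore.jks) and
        // args[1] its password. With no arguments the JRE's own cacerts is inspected.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password); // throws IOException on a wrong password or corrupt file
        }

        int selfIssued = 0;
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            // A root CA certificate is self-issued: subject and issuer are the same name.
            boolean root = x509.getSubjectX500Principal().equals(x509.getIssuerX500Principal());
            if (root) selfIssued++;
            System.out.printf("%s [%s]%s%n  subject: %s%n  issuer:  %s%n", alias,
                    store.isKeyEntry(alias) ? "key entry" : "trusted cert",
                    root ? " (self-issued, candidate root CA)" : "",
                    x509.getSubjectX500Principal().getName(),
                    x509.getIssuerX500Principal().getName());
        }
        System.out.println(selfIssued + " self-issued certificate(s) in " + path);

        // In-process alternative to -Djavax.net.ssl.trustStore: build trust managers from
        // this store and make them the JVM default before any HTTPS connection is opened.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        SSLContext.setDefault(context);
    }
}
```

Installing this context replaces the default cacerts anchors for the whole JVM, so afterwards only the certificates in the given file are trusted.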
0

Export the certificate from the web browser, then import it into cacerts in "PATH_TO_JAVA"\jdk1.7.0_25\jre\lib\security using keytool.

answered 2013-10-11T14:17:20.130