• Java调用Azure证书错误javax.net.ssl.SSLHandshakeException


    一、背景

    Azure作为微软的公有云平台,提供了非常丰富的SDK和API,让开发人员可以非常方便地调用其各项服务。由于公司业务需要,我们要访问在Azure上注册的应用程序,为此需要访问下面的https地址:

    https://login.microsoftonline.com/your-tenant-id

    二、错误信息

    简短报错信息:javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    1. Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    2. at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:1.8.0_332]
    3. at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[na:1.8.0_332]
    4. at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[na:1.8.0_332]
    5. at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[na:1.8.0_332]
    6. at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[na:1.8.0_332]
    7. at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[na:1.8.0_332]
    8. at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[na:1.8.0_332]
    9. at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[na:1.8.0_332]
    10. at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:1.8.0_332]
    11. at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:1.8.0_332]
    12. at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) ~[na:1.8.0_332]
    13. at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) ~[na:1.8.0_332]
    14. at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1397) ~[na:1.8.0_332]
    15. at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1305) ~[na:1.8.0_332]
    16. at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) ~[na:1.8.0_332]
    17. at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[na:1.8.0_332]
    18. at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197) ~[na:1.8.0_332]
    19. at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1572) ~[na:1.8.0_332]
    20. at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500) ~[na:1.8.0_332]
    21. at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[na:1.8.0_332]
    22. at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352) ~[na:1.8.0_332]
    23. at com.microsoft.aad.msal4j.DefaultHttpClient.readResponseFromConnection(DefaultHttpClient.java:105) ~[msal4j-1.13.0.jar!/:1.13.0]
    24. at com.microsoft.aad.msal4j.DefaultHttpClient.executeHttpGet(DefaultHttpClient.java:47) ~[msal4j-1.13.0.jar!/:1.13.0]
    25. at com.microsoft.aad.msal4j.DefaultHttpClient.send(DefaultHttpClient.java:35) ~[msal4j-1.13.0.jar!/:1.13.0]
    26. at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequestWithRetries(HttpHelper.java:96) ~[msal4j-1.13.0.jar!/:1.13.0]
    27. at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequest(HttpHelper.java:49) ~[msal4j-1.13.0.jar!/:1.13.0]
    28. ... 16 common frames omitted
    29. Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    30. at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456) ~[na:1.8.0_332]
    31. at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) ~[na:1.8.0_332]
    32. at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_332]
    33. at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315) ~[na:1.8.0_332]
    34. at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223) ~[na:1.8.0_332]
    35. at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:1.8.0_332]
    36. at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ~[na:1.8.0_332]
    37. ... 37 common frames omitted
    38. Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    39. at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_332]
    40. at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_332]
    41. at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_332]
    42. at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451) ~[na:1.8.0_332]
    43. ... 43 common frames omitted
    44. 2022-08-16 17:26:53.542 ERROR 3480 --- [ scheduling-1] c.xx.xx.service.impl.XXServiceImpl : get new EWS Token With Certificate error : java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalClientException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    三、问题原因和解决思路

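    运行程序的JRE信任库(cacerts)中没有能够验证该网站https证书链的受信任证书,所以PKIX路径构建失败。login.microsoftonline.com使用的是公共CA签发的证书,出现这个错误通常说明JRE的cacerts过旧或被替换,或者网络中有代理/安全设备在做HTTPS解密并用内部CA重新签发证书,导入之前应先确认属于哪一种情况。解决办法是手动使用keytool命令把缺失的证书导入到jre里面。当然我们也可以使用Java的TrustManager忽略所有的SSL请求的证书,但这相当于关闭了对服务器身份的校验,获取令牌的请求可能被中间人截获或篡改(不推荐用于生产环境)。本次我们是直接导入对应的证书到jre里面来解决问题。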

    四、获取网站的证书

    1.谷歌浏览器直接访问 https://login.microsoftonline.com/

    快捷键F12进入开发者模式。进入security安全菜单下,可以看到显示“This page is secure (valid HTTPS)”,点击“view certificate ”

     在证书界面,我们可以点击“复制到文件”将证书导出,以便查看和导入。

    直接下一步,导出格式选择base64编码。

     设置证书路径和文件名,点击完成即可,最终得到.cer格式的证书文件。注意这样导出的是站点自身的(叶子)证书,站点证书到期或更换后需要重新导出并导入;如果在证书路径中选择上级的CA证书导出并导入,则不受站点证书更换的影响。

    五、导入证书

    将证书放在某个位置,建议放在C盘的cert文件夹(如 c:\cert)。

    以管理员身份运行控制台(修改Program Files目录下的cacerts文件需要管理员权限)

    先进入到Java的bin文件夹,我这里是

    cd C:\Program Files\Java\jdk1.8.0_192\bin

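     执行下面的命令导入指定证书(路径需要根据自己的实际环境修改)。-keystore 必须指向实际运行程序的那个JRE的cacerts:上面的报错堆栈显示运行时版本是1.8.0_332,而这里的示例路径是1.8.0_192,如果导入到程序没有使用的JRE里,错误不会消失。导入前可以先用 keytool -printcert -file 证书文件 核对证书的颁发者和指纹,确认是预期的证书。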

    keytool -import -alias login.microsoftonline.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -file c:\cert\login.microsoftonline.com.cer

    -alias 后面是别名

    -keystore 后面是keystore路径

    -file 后面是刚刚导出的证书文件路径

    导入证书和查看证书时需要输入keystore密码,cacerts的默认密码是changeit

    六、查看证书

    # 查看所有证书

    keytool -list -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"

    # 查看指定名字的证书

    keytool -list -v -alias login.microsoftonline.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -storepass changeit

  • 原文地址:https://blog.csdn.net/gmaaa123/article/details/126370625