Our site to be HTTPS modified, configured on the purchase of SSL certificate, the browser access is normal, but wrote a Java code with httpcomponents call HTTPS rest interface times wrong:
Exception in thread "main" Javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX path Building failed:sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to Requested target
At Sun.security.ssl.Alerts.getSSLException (alerts.java:192)
At Sun.security.ssl.SSLSocketImpl.fatal (sslsocketimpl.java:1904)
At Sun.security.ssl.Handshaker.fatalSE (handshaker.java:279)
At Sun.security.ssl.Handshaker.fatalSE (handshaker.java:273)
At Sun.security.ssl.ClientHandshaker.serverCertificate (clienthandshaker.java:1446)
At Sun.security.ssl.ClientHandshaker.processMessage (clienthandshaker.java:209)
At Sun.security.ssl.Handshaker.processLoop (handshaker.java:901)
At Sun.security.ssl.Handshaker.process_record (handshaker.java:837)
At Sun.security.ssl.SSLSocketImpl.readRecord (sslsocketimpl.java:1023)
At Sun.security.ssl.SSLSocketImpl.performInitialHandshake (sslsocketimpl.java:1332)
At Sun.security.ssl.SSLSocketImpl.startHandshake (sslsocketimpl.java:1359)
At Sun.security.ssl.SSLSocketImpl.startHandshake (sslsocketimpl.java:1343)
At Org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket (sslconnectionsocketfactory.java:394)
At Org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket (sslconnectionsocketfactory.java:353)
At Org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect ( defaulthttpclientconnectionoperator.java:141)
At Org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect (Poolinghttpclientconnectionmanager.java : 353)
At Org.apache.http.impl.execchain.MainClientExec.establishRoute (mainclientexec.java:380)
At Org.apache.http.impl.execchain.MainClientExec.execute (mainclientexec.java:236)
At Org.apache.http.impl.execchain.ProtocolExec.execute (protocolexec.java:184)
At Org.apache.http.impl.execchain.RetryExec.execute (retryexec.java:88)
At Org.apache.http.impl.execchain.RedirectExec.execute (redirectexec.java:110)
At Org.apache.http.impl.client.InternalHttpClient.doExecute (internalhttpclient.java:184)
At Org.apache.http.impl.client.CloseableHttpClient.execute (closeablehttpclient.java:82)
At Org.apache.http.impl.client.CloseableHttpClient.execute (closeablehttpclient.java:107)
At Com.duiba.activity.cmsweb.controller.DappConfigCtrl.main (dappconfigctrl.java:1248)
At Sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
At Sun.reflect.NativeMethodAccessorImpl.invoke (nativemethodaccessorimpl.java:57)
At Sun.reflect.DelegatingMethodAccessorImpl.invoke (delegatingmethodaccessorimpl.java:43)
At Java.lang.reflect.Method.invoke (method.java:606)
At Com.intellij.rt.execution.application.AppMain.main (appmain.java:147)
caused By:sun.security.validator.ValidatorException:PKIX path building failed: Sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target
At Sun.security.validator.PKIXValidator.doBuild (pkixvalidator.java:385)
At Sun.security.validator.PKIXValidator.engineValidate (pkixvalidator.java:292)
At Sun.security.validator.Validator.validate (validator.java:260)
At Sun.security.ssl.X509TrustManagerImpl.validate (x509trustmanagerimpl.java:326)
At sun.security.ssl.X509TrustManagerImpl.checkTrusted (x509trustmanagerimpl.java:231)
At sun.security.ssl.X509TrustManagerImpl.checkServerTrusted (x509trustmanagerimpl.java:126)
At Sun.security.ssl.ClientHandshaker.serverCertificate (clienthandshaker.java:1428)
... More
caused By:sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to Requested target
At Sun.security.provider.certpath.SunCertPathBuilder.engineBuild (suncertpathbuilder.java:196)
At Java.security.cert.CertPathBuilder.build (certpathbuilder.java:268)
At Sun.security.validator.PKIXValidator.doBuild (pkixvalidator.java:380)
... More
Online Search a bunch of information, or to put the site certificate in a directory, or to change the code, there is no I want, because it is impossible for other developers to do these things.
Later learned about the certificate chain, only to know how to solve the problem. The certificate chain can be read here: http://blog.sina.com.cn/s/blog_53ed87c10102vn8b.html
This problem arises because we use only the issued certificate when we configure the certificate, and the Java client cannot find the trusted superior certificate, so the error is not available. The solution is also very simple, the intermediate certificate, the root certificate attached to the signing of the certificate can be, the specific method reference here: https://yq.aliyun.com/articles/26569
This article is from "Wolf" blog, please make sure to keep this source http://huangwq.blog.51cto.com/10299403/1859536
Java calls HTTPS service error Unable to find valid certification path to requested target workaround