Replacing an SSL certificate: authentication issue (code version)

Source: Internet
Author: User

The SSL certificate for the server recently expired and needed to be replaced.

After the replacement, requests to the other party's interface failed with this error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
        sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
	at com.gionee.pay.auth.PassPlainUtil.postAuthex(PassPlainUtil.java:166)
	at com.gionee.pay.goldpay.mobile.GoldPay.doPost(GoldPay.java:368)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at com.gionee.pay.filter.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:114)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:931)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)



The error is clearly about the SSL connection: it says that no valid certification path could be found.

This was rather distressing. I kept thinking it was a problem with the certificate replacement, but checking turned up nothing wrong.

I went back to the internet and searched for a long time. It turned out to be a test environment problem!

The certificate in the test environment is self-generated, not issued by a CA-certified organization. So the server does not accept it and blocks the connection.

That is why the SSL connection fails.


So here is the problem: we still need to test in the test environment, but it does not have the CA-certified certificate of the production environment. What to do?


I found some good posts and solved the problem by controlling it in code: skipping SSL validation.

Create a new proxy class that overrides the SSL validation methods so that they do nothing:

getAcceptedIssuers() ---> return null

isServerTrusted(java.security.cert.X509Certificate[] certs) ---> return true directly

isClientTrusted(java.security.cert.X509Certificate[] certs) ---> return true directly

checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType),

checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType).

This keeps the client from validating the certificate, so every certificate chain is accepted, whoever issued it.

/**
 * @author: Wuxing
 * @date: July 13, 2015, 11:37:36 AM
 */
public class SslUtil {

	/**
	 * Test environment only: skip SSL certificate validation.
	 */
	public static void trustAllHttpsCertificates() throws Exception {
		javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
		javax.net.ssl.TrustManager tm = new MiTM();
		trustAllCerts[0] = tm;
		javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
		sc.init(null, trustAllCerts, null);
		// Replaces the JVM-wide default, so every later HttpsURLConnection uses it
		javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
	}

	/** Trust manager that accepts every certificate chain without checking it. */
	static class MiTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
		@Override
		public java.security.cert.X509Certificate[] getAcceptedIssuers() {
			return null;
		}

		public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
			return true;
		}

		public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
			return true;
		}

		@Override
		public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
				throws java.security.cert.CertificateException {
			return;
		}

		@Override
		public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
				throws java.security.cert.CertificateException {
			return;
		}
	}
}

Then, before you create a new HttpsURLConnection, add the following code. It skips SSL validation and trusts all certificates; the hostname verifier also accepts any host name.

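	// Imports needed by this fragment
	import java.io.BufferedReader;
	import java.io.InputStreamReader;
	import java.net.URL;
	import javax.net.ssl.HostnameVerifier;
	import javax.net.ssl.HttpsURLConnection;
	import javax.net.ssl.SSLSession;

	// Hostname verifier that only logs the mismatch and accepts every host
	HostnameVerifier hv = new HostnameVerifier() {
		@Override
		public boolean verify(String urlHostName, SSLSession session) {
			System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
			return true;
		}
	};
	HttpsURLConnection.setDefaultHostnameVerifier(hv);
	try {
		SslUtil.trustAllHttpsCertificates();
	} catch (Exception e) {
		e.printStackTrace();
	}

	HttpsURLConnection conn = null;
	InputStreamReader isr = null;
	BufferedReader br = null;
	StringBuffer buffer = new StringBuffer();
	// invokeUrl is the HTTPS URL of the interface being called, defined by the caller
	URL serverUrl = new URL(invokeUrl);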

After adding the above code, the problem is solved ...

I am recording this here to avoid the same mistake in the future, and I hope it helps more friends too!



