Resolving the javax.net.ssl.SSLHandshakeException certificate error when Java invokes an HTTPS service

Reposted from Blog Park: http://www.cnblogs.com/cloudapps/p/5022544.html
Resolving the javax.net.ssl.SSLHandshakeException certificate error when Java invokes the Azure SDK

Azure, Microsoft's public cloud platform, offers a wealth of SDKs and APIs that let developers easily invoke its various services. Besides Microsoft's own .NET, languages such as Java, Python, Node.js, Ruby and PHP are currently supported. For detailed documentation, see:

https://azure.microsoft.com/en-us/documentation/

However, taking Java as an example, the first call to the Azure SDK/API runs into an error similar to the following:

[WARN] ServiceBusContract - com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target <com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target>
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151)
    at com.microsoft.windowsazure.services.servicebus.implementation.AuthorizationFilter.handle(AuthorizationFilter.java:39)
    at com.microsoft.windowsazure.core.pipeline.jersey.ClientFilterRequestAdapter.handle(ClientFilterRequestAdapter.java:36)
    at com.sun.jersey.api.client.Client.handle(Client.java:648)
    ......

In fact, this error is not Azure's problem. If you search the web, you will find that anyone using Java to access HTTPS websites or services can hit a similar error. The root cause is that certificates issued by CNNIC are not recognized by the JDK, so it cannot build a certification path from the server's certificate to a CA in its trust store. The reason is one we all know :) This May, many Internet companies, such as Google and Firefox, outright refused to accept certificates issued by CNNIC:

https://threatpost.com/google-drops-trust-in-chinese-certificate-authority-cnnic/111974/

To get to the point: how do we solve this problem?

1. Wait for Oracle, Google, Mozilla and other organizations to trust CNNIC. Forget it, you may as well go to sleep.
2. Use a Java TrustManager that ignores the certificates of all SSL requests. This is only for development and testing and, for reasons of space, is not covered here.
3. Import the certificate of the target website, then specify the KeyStore before making the call. This article describes this method.

In your IDE, import the following file to fetch the certificate of the target website. It was written by an expert at Sun (since acquired by Oracle) whose name I could not find. I am only quoting it, I did not write it, and I respect his contribution:

package com.azurelabs.china.tools;

/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        // Arguments: host[:port] and an optional keystore passphrase.
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            // The usage text is cut off on the page; this wording follows
            // the argument parsing above.
            System.out.println("Usage: java InstallCert host[:port] [passphrase]");
            return;
        }

        // Prefer a local jssecacerts, then the JRE's jssecacerts, then cacerts.
        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib"
                    + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();

        // Wrap the default trust manager so the server's chain is captured
        // even when validation fails.
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf
                .getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out
                .println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(
                System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        // Print fingerprints so each certificate can be compared with a
        // value obtained out of band before it is added as trusted.
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject "
                    + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }

        System.out
                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine();
        line = (line == null) ? "q" : line.trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        // Reject an index outside the chain instead of failing with an exception.
        if (k < 0 || k >= chain.length) {
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        // Write the augmented store to ./jssecacerts; the JRE's own file is not modified.
        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out
                .println("Added certificate to keystore 'jssecacerts' using alias '"
                        + alias + "'");
    }

    // toHexString and SavingTrustManager are referenced above but missing
    // from the page's copy of the listing; they are reconstructed here so
    // that the class compiles.
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    // Records the chain the server presents, then delegates to the default
    // trust manager, so an untrusted chain still fails the handshake.
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            // Return an empty array rather than throwing, since JSSE may
            // call this method during the handshake.
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}
