SunCertPathBuilderException:无法在CN1应用程序中找到所请求目标的有效证书路径
请帮忙。
我有一个Codenameone应用程序向云Tomcat 8服务器发出GET请求,并期望得到一些响应JSON。重要的是,这是一个HTTPS通话。
Please can you help. I have a Codenameone app that issues a GET request to a cloud Tomcat 8 server, and expects back some response JSON. Importantly this is a HTTPS call.
当我在邮递员中运行请求时,工作正常:
When i run the request in Postman it works fine:
https://www.mydomain.co.uk:8443/MyProject/v1/generate_token
通过我的浏览器使用相同的URL并显示为安全,我可以看到我的证书详细信息。
我已经为我的SSL / TLS配置购买了证书,并且似乎在启动时的日志中正常运行。
The same URL through my browser works and shows as 'Secure' and i can see my certificate details. I have bought a certificate for my SSL/TLS configuration, and seems to function fine in the logs on startup.
在模拟器中我得到以下信息从URL调用读取响应时出错 - 我猜必须加密:
In the simulator i get back the following error at the point of reading the response back from the URL call - which i guess must be encrypted:
Exception: javax.net.ssl.SSLHandshakeException - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
at com.codename1.impl.javase.JavaSEPort.getResponseCode(JavaSEPort.java:7591)
at com.codename1.io.ConnectionRequest.performOperation(ConnectionRequest.java:702)
at com.codename1.io.NetworkManager$NetworkThread.run(NetworkManager.java:282)
at com.codename1.impl.CodenameOneThread.run(CodenameOneThread.java:176)
为什么应用程序应该是任何不同于邮差发出呼叫(网络监视器窗口确认相同的URL呼叫)?
Why should the app be any different to Postman making the call (the Network Monitor window confirms the same URL call) ?
我的呼叫后没有任何日志正在更新,因此无需检查。我没有对我的应用程序(这是有效的)进行任何更改,因为从http移动到https。
None of the logs are being updated after my call, so nothing to check there. I haven't made any changes to my app (which was working) since moving from http to https.
这是拨打电话的CN1代码:
Here is the CN1 code making the call:
public String fetchTokenIntoStorage(String userName, String password) {
ConnectionRequest r = new ConnectionRequest();
r.setUrl(Constants.URL_HOST_PORT + "/MyProject" + Constants.LIVE_OR_TEST
+ "/v1/generate_token");
r.addRequestHeader("Content-Type", "application/json");
r.addRequestHeader("userName", userName);
r.addRequestHeader("password", password);
r.setHttpMethod("GET");
r.setFailSilently(false);
r.setPost(false);
// show spinning dialog while connecting
InfiniteProgress prog = new InfiniteProgress();
Dialog dlg = prog.showInifiniteBlocking();
r.setDisposeOnCompletion(dlg);
NetworkManager.getInstance().setTimeout(10000);
// NetworkManager.getInstance().addErrorListener(new ActionListener() {
//
// @Override
// public void actionPerformed(ActionEvent evt) {
// MessageBox.showDialogMessage("Unable to connect to server. Please
// retry later.");
// }
// });
// NetworkManager.getInstance().updateThreadCount(2);
NetworkManager.getInstance().addToQueueAndWait(r);
if (r.getResponseData() != null) {
JSONParser parser = new JSONParser();
Map<String, Object> json = null;
try {
json = parser.parseJSON(new InputStreamReader(new ByteArrayInputStream(r.getResponseData())));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (json.get("error") != null) {
return String.valueOf(json.get("error"));
}
JwtRecord record = new JwtRecord();
record.userId = Integer.parseInt(String.valueOf(json.get("userId")));
record.jsonWebToken = (String) json.get("jwt");
record.theme = "LIGHT";
Storage.getInstance().writeObject("MyToken", record);
return "";
}
if (!r.getResponseErrorMessage().equalsIgnoreCase("")) {
return r.getResponseErrorMessage();
} else {
return "Unable to connect to server. Please check connection.";
}
}
单步执行代码后,似乎错误
Stepping through the code it seems to error just after
NetworkManager.getInstance().addToQueueAndWait(r);
r.getResponseData()和r.getResponseErrorMessage()为空。
The r.getResponseData() and r.getResponseErrorMessage() are null.
非常感谢
现在正在运作。
-
(在云端tomcat上)我确保根证书和中间证书在我的密钥库中(根据链接我以前包括在内)。我在密钥库中包含了我的.ca-bundle以便进行测量。
(On cloud tomcat) I made sure the root certificate and the intermediary certificate were in my keystore (as per the links i previously included). I included my .ca-bundle in the keystore for good measure.
(在云端tomcat上)我注意到我使用的是旧配置的Apache配置(关于依赖旧论坛帖子的经验教训)。需要让SSLCACertificateFile指向我的.ca-bundle文件,而不是在我的apache .conf文件中使用SSCertificateChainFile。
(On cloud tomcat) And i noticed i was using an older version of the Apache configuration (lesson learned about relying on older forum posts). Needed to have SSLCACertificateFile pointing to my .ca-bundle file, rather than using SSCertificateChainFile, in my apache .conf file.
我的模拟器上仍然出错但是适用于我的iphone,它指出(正如Shai所说)不同的JDK我期待的,所以我的笔记本电脑升级到更高的JDK 1.8.171。这本身并没有什么区别,但可能是必需的。
It still error on my simulator but works on my iphone, which points (as Shai says) to differing JDK's i expect, so upgraded my laptop to the higher JDK 1.8.171. This didn't in itself make a difference but probably required.
通过挖掘我意识到我的笔记本电脑上的模拟器也需要上述功能。所以我最终在管理员的命令提示符下运行下面的语句,现在我的模拟器正在运行。
Through digging around i realised that simulators on my laptop needed the above also. So i ended up running the statements below, in command prompt as Administrator, and now my simulator is working.
cd%java_home%\ jre \lib \ security
cd %java_home%\jre\lib\security
path =%java_home\bin
path=%java_home\bin
keytool -import -alias comodo -keystore cacerts -file C: \路径\ ComodoRoot.cer
keytool -import -alias comodo -keystore cacerts -file C:\path\ComodoRoot.cer
keytool -import -alias comodo_intermediate -keystore cacerts -file C:\ path \ ComodoInter.cer
keytool -import -alias comodo_intermediate -keystore cacerts -file C:\path\ComodoInter.cer
keytool -import -alias buying_cert -keystore cacerts -file C:\ path \ my_purchased_cert.crt
keytool -import -alias purchased_cert -keystore cacerts -file C:\path\my_purchased_cert.crt