开发者

SSL Self-signed Expired Certificate in Java

Hi I am accessing a developmental API that only has a self signed, expired certificate through Java, and unexpectedly I am getting the error about unable to find valid certification path to requested target. so I went to the url with firefox and exported the certificate to add to my keystore, using keytool -importcert -alias mycert -fil开发者_StackOverflow中文版e mycert.cert -keystore cacert, thinking that it should work now. But upon making the call, I am still getting the same error.

Am I missing some step to link up the cert to java?

the error is

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 22 more

UPDATE: problem solved. location of keystore was wrong. should be {location of java home}/lib/security/cacerts


exported the certificate to add to my keystore

No you didn't, you added it to your truststore. You shouldn't modify the one in the JRE, for the reason GregS gave, you should create your own and tell the server to use it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜