连接到URL PKIX路径生成失败时出现java错误
我正在尝试连接到一个网页来收集信息,我正在使用jsoup来解析HTML。但是,每当我尝试连接到URL下载源代码时,我都会收到一个错误消息,说明PKIX构建路径。 我环顾四周,发现所有东西都表明要将网站的CA根证书添加到我的信任库中,我确实这样做了,但问题仍然存在(CA根证书已经存在)。我可以通过网络浏览器连接到网站,但不能通过URL类。下面是我能写的最基本的代码,它会产生错误
public class URLConnectStart {
public static void main(String[] args) {
try {
URL u = new URL("https://ntst.umd.edu/soc/");
u.openStream();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
这里是错误
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at URLConnectStart.run(URLConnectStart.java:14)
at URLConnectStart.main(URLConnectStart.java:8)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more
来自chrome的关于网站证书的信息
任何帮助都将不胜感激。这不是一个关键的应用程序,所以安全性并不是那么重要,但如果我能维护安全性,我宁愿这样做。不管怎样,我想做的就是通过代码下载这个网站的HTML
多谢各位
# 1 楼答案
完成证书链所需的网站does not provide an intermediate certificate。一些用户代理/浏览器有一个名为AIA的功能,可以下载必要的中间产品,但Java客户端不是其中之一
如果您是站点管理员,解决此问题的正确方法是提供中间证书,以便发送完整的链。即使你是一个终端用户,也要考虑联系网站来解决这个问题。由于此问题,使用Android浏览器的用户如果不接受安全警告,也将无法访问此网站
同时,如果您想在您的客户机中解决这个问题,您可以download the missing intermediate cert和add it to your Java certificate store
# 2 楼答案
您可以手动将证书安装到java密钥库
清除是否存在任何别名的第一个命令(我更喜欢在windows中从JAVA_HOME运行此命令,以便路径与此相对。如果从外部运行,请相应地更改路径
现在我们需要安装证书
密钥库的默认密码是changeit
如果您有多个证书,请将此命令添加到文本文件中,并将其保存为bat扩展名,然后放入JAVA\u HOME\bin或任何您喜欢的位置。确保所提到的路径是相对的
如果您的jre在jdk之外,请提供该jre的路径