问题描述

我有一个Java JAR应用程序，该应用程序连接到在HTTPS后面的服务器上运行的Java Web服务.如果我使用Oracle Java 1.6运行JAR，则SSL握手成功.但是，如果我使用Oracle Java 1.7或更高版本运行它，则总是会遇到异常:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have a Java JAR application which connects to the Java web service running on a server behind HTTPS. If I run the JAR with Oracle Java 1.6, then the SSL handshake is successful. However, If I run it with Oracle Java 1.7 or newer, I always get the exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我已将证书导入到cacert文件，并已使用VM变量javax.net.ssl.trustStore设置文件的路径.

I have imported the certificates to the cacert file, and have used VM variable javax.net.ssl.trustStore to set the path to the file.

我发现在不同的Java版本中jsse.jar有所不同.

I have found out that there are differences in jsse.jar in different Java version.

此外，此应用程序在安装了IBM版本的Java的Unix机器上的工作方式与预期的一样:IBM J9 VM (build 2.7, JRE 1.7.0

Also, this application works like expected on a Unix machine which has IBM version of Java installed: IBM J9 VM (build 2.7, JRE 1.7.0

而且，它可以与Widnows上的IBM JRE一起正常工作

And, it works correctly with IBM JRE on Widnows:

IBM J9 VM (build 2.8, JRE 1.8.0)

该如何解决?

推荐答案

我解决了这个问题！ Java在jre/lib/security文件夹中具有java.security文件，并且该文件具有属性keystore.type.该属性设置为Windows-ROOT，但是我已经在cacerts文件中导入了证书，并且该属性应该设置为jks，以便Java读取cacerts文件！

I solved this! Java has java.security file in jre/lib/security folder, and that file has a property keystore.type. This property was set to Windows-ROOT, but I have imported certificates in cacerts file, and the property should be set to jks so that Java reads the cacerts file!

这篇关于sun.security.validator.ValidatorException:PKIX路径构建失败，java> 1.6的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！