本文介绍了PKIX路径构建在Java应用程序中失败的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 29岁程序员，3月因学历无情被辞！ 我将应用程序从Windows 2000移动到Windows 2008 R2服务器后，一直在努力将近一个星期让我的应用程序运行。 过程： p> 安装的Java JDK 1.7.0_25 设置系统环境变量 JAVA_HOME 到 C：\Progra〜1\Java\jdk1.7.0_25\ 导入证书成为cacerts与 keytool 确保证书存在于 keytool 中 -list 。 我已经尝试重复步骤3 与 InstallCert ，以确保我没有弄乱任何东西。 上述方法没有解决我的问题，所以我试图以编程方式执行： System.setProperty（javax.net.ssl.trustStore，C：/Progra~1/Java/jdk1.7.0_25/jre/lib/security/cacerts）; System.setProperty（javax.net.ssl.trustStorePassword，changeit）; 仍然没有任何运气。我被卡住了，不太确定从这里走哪个方向。 堆栈跟踪： javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到请求目标的有效认证路径 at sun.security.ssl.Alerts.getSSLException（Alerts.java:192） at sun.security.ssl.SSLSocketImpl.fatal（SSLSocketImpl.java:1886） at sun.security.ssl.Handshaker .fatalSE（Handshaker.java:276） at sun.security.ssl.Handshaker.fatalSE（Handshaker.java:270） at sun.security.ssl.ClientHandshaker.serverCertificate（ClientHandshaker.java:1341 ） at sun.security.ssl.ClientHandshaker.processMessage（ClientHandshaker.java:153） at sun.security.ssl.Handshaker.processLoop（Handshaker.java:868） at sun。 security.ssl.Handshaker.process_record（Handshaker.java:804） at sun.security.ssl.SSLSocketImpl .readRecord（SSLSocketImpl.java:1016） at sun.security.ssl.SSLSocketImpl.performInitialHandshake（SSLSocketImpl.java:1312） at sun.security.ssl.SSLSocketImpl.startHandshake（SSLSocketImpl.java:1339 ） at sun.security.ssl.SSLSocketImpl.startHandshake（SSLSocketImpl.java:1323） at sun.net.www.protocol.https.HttpsClient.afterConnect（HttpsClient.java:515） at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect（AbstractDelegateHttpsURLConnection.java:185） at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect（HttpsURLConnectionImpl.java:153）在util.SMS.send（SMS.java:93）在domain.ActivationSMSSenderMain.sendActivationMessagesToCustomers（ActivationSMSSenderMain.java:80）在domain.ActivationSMSSenderMain。< init>（ActivationSMSSenderMain.java:44 ）在domain.ActivationSMSSenderMain.main（ActivationSMSSenderMain.java:341）导致：sun.security.validator.ValidatorException：PKIX路径建筑失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到有效的认证路径到请求的目标在sun.security.validator.PKIXValidator.doBuild（PKIXValidator.java:385）在太阳。 security.validator.PKIXValidator.engineValidate（PKIXValidator.java:292） at sun.security.validator.Validator.validate（Validator.java:260） at sun.security.ssl.X509TrustManagerImpl.validate（ X509TrustManagerImpl.java:326） at sun.security.ssl.X509TrustManagerImpl.checkTrusted（X509TrustManagerImpl.java:231） at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted（X509TrustManagerImpl.java:126） at sun.security.ssl.ClientHandshaker.serverCertificate（ClientHandshaker.java:1323） ... 14更多导致：sun.security.provider.certpath.SunCertPathBuilderException：无法找到有效的认证路径请求目标在sun.security.provider.certpath.SunCertPathBuilder.engineBuild（SunCertPathBu ilder.java:196）在java.security.cert.CertPathBuilder.build（CertPathBuilder.java:268） at sun.security.validator.PKIXValidator.doBuild（PKIXValidator.java:380） ... 20更多 更新： System.out.println（System.getProperty（javax.net.ssl.trustStore））; 和 System.out.println（System.getProperty（javax.net.ssl.keyStore））; 返回 null 。解决方案我遇到类似的问题，其原因和解决办法都是相当简单的： 主要原因：没有使用keytool导入正确的证书 注意：只导入根CA（或您自己的自签名）证书 imap.gmail.com的解决方案示例 确定根CA证书： code> openssl s_client -showcerts -connect imap.gmail.com:993 在这种情况下我们发现根CA是Equifax安全证书颁发机构 下载根CA证书。 通过与信息比较验证下载的证书具有正确的SHA-1和/或MD5指纹 在这里找到 导入证书 javax.net.ssl.trustStore ： keytool -import -alias gmail_imap -file Equifax_Secure_Certificate_Authority.pem 运行您的java代码 I have been struggling for almost one week to get my applications up running after moving my applications from Windows 2000 to Windows 2008 R2 Server.The procedure:Installed Java JDK 1.7.0_25Set system environment variable JAVA_HOME to C:\Progra~1\Java\jdk1.7.0_25\Imported the certificate into cacerts with keytoolEnsured that the certificate exists in keytool with -list.I have tried to repeat step 3 with InstallCert to ensure that i havent messed anything up.The above methods did not solve my problem, so i tried to do it programmatically:System.setProperty("javax.net.ssl.trustStore","C:/Progra~1/Java/jdk1.7.0_25/jre/lib/security/cacerts");System.setProperty("javax.net.ssl.trustStorePassword", "changeit");Still without any luck. I am stuck and not quite sure which direction to go from here.Stack trace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at util.SMS.send(SMS.java:93) at domain.ActivationSMSSenderMain.sendActivationMessagesToCustomers(ActivationSMSSenderMain.java:80) at domain.ActivationSMSSenderMain.<init>(ActivationSMSSenderMain.java:44) at domain.ActivationSMSSenderMain.main(ActivationSMSSenderMain.java:341)Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) ... 14 moreCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ... 20 moreUPDATE:BothSystem.out.println(System.getProperty("javax.net.ssl.trustStore"));andSystem.out.println(System.getProperty("javax.net.ssl.keyStore"));returns null. 解决方案 I ran into similar issues whose cause and solution turned out both to be rather simple:Main Cause: Did not import the proper cert using keytoolNOTE: Only import root CA (or your own self-signed) certificatesNOTE: don't import an intermediate, non certificate chain root certSolution Example for imap.gmail.comDetermine the root CA cert: openssl s_client -showcerts -connect imap.gmail.com:993in this case we find the root CA is Equifax Secure Certificate AuthorityDownload root CA cert.Verify downloaded cert has proper SHA-1 and/or MD5 fingerprints by comparing with info found hereImport cert for javax.net.ssl.trustStore:keytool -import -alias gmail_imap -file Equifax_Secure_Certificate_Authority.pemRun your java code 这篇关于PKIX路径构建在Java应用程序中失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！