『问题记录』PKIX path building failed问题

最新推荐文章于 2025-04-24 11:21:16 发布

置顶 HiCodd

最新推荐文章于 2025-04-24 11:21:16 发布

阅读量1k

点赞数 1

分类专栏： Java

本文链接：https://blog.youkuaiyun.com/HookJony/article/details/106001482

版权

Java 专栏收录该内容

5 篇文章

订阅专栏

『问题记录』PKIX path building failed问题

问题原因

Springboot请求外部https接口，由于ssl证书信任问题会导致PKIX path building failed问题。具体体现在请求小程序接口时，出现以上错误。

错误信息

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

解决方法

URL realUrl = null;
try {
    realUrl = new URL(url);
    if("https".equalsIgnoreCase(realUrl.getProtocol())){
        SslUtils.ignoreSsl();
    }
} catch (Exception e) {
    logger.error(e.toString());
}
ResponseEntity<String> response = restTemplate.getForEntity(String.valueOf(realUrl), String.class);

SslUntils库

import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class SslUtils {

    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[1];
        TrustManager tm = new miTM();
        trustAllCerts[0] = tm;
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    static class miTM implements TrustManager,X509TrustManager {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }

        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            return;
        }
    }

    /**
     * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用
     * @throws Exception
     */
    public static void ignoreSsl() throws Exception{
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }
}