ssl报错问题解决

最新推荐文章于 2025-10-16 09:59:57 发布

原创最新推荐文章于 2025-10-16 09:59:57 发布 · 1.1k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#java

后台同时被 2 个专栏收录

9 篇文章

订阅专栏

java

6 篇文章

订阅专栏

当遇到'unable to find valid certification path to requested target'错误时，可以通过下载证书并将其添加到信任存储来解决。使用特定命令从URL下载证书，并保存为独立文件。接着，利用keytool工具将证书导入JRE信任存储，确保每个导入的别名不同，且使用正确的信任存储密码。重新启动应用后，SSL问题应得到解决。

参考文档：Solve “unable to find valid certification path to requested target” | Packagecloud Blog

An alternate way to download the certificate is to use the below command with the URL you want to access.

openssl s_client -showcerts -connect <URL:443>

The command will output all the certificates included in the chain. The output will be as follows.

CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
 0 s:CN = *.google.com
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
-----BEGIN CERTIFICATE-----
O/B/H91EeIB4q+nmRO
tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH....
-----END CERTIFICATE-----

Save each of them as a file with unique names. Ensure that you copy both the BEGIN CERTIFICATE and END CERTIFICATE part.

4. The next step is to add the certificate to the trust store. This can be done using the keytool utility.

sudo keytool -importcert -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -file ~/Downloads/cert_file.crt -alias "root_cert"

While importing multiple certificates, ensure that the alias name is different for each of them. The default password for the JRE trust store is ‘changeit’. If you have changed this password, ensure to use the correct password.

Once this is done, restart your application and everything should be fine.

上面命令加上： > cer.cert

即可导出完整的文件