javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path

最新推荐文章于 2025-06-13 14:58:29 发布
最新推荐文章于 2025-06-13 14:58:29 发布
阅读量562 收藏
点赞数
CC 4.0 BY-SA版权
分类专栏: 疑难杂症 文章标签: https ssl jdbc weblogic
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/qq_37163925/article/details/107780128
本文解决Presto JDBC在连接Kerberos认证集群时因证书问题导致的SSLHandshakeException错误,通过替换节点上的cacerts文件解决了认证失败的问题。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

问题描述

presto-examples-1.0-SNAPSHOT-jar-with-dependencies.jar在集群内节点运行时正常,但在集群外节点运行PrestoJDBCExample连接开启Kerberos认证的集群缺少证书,报错如下:

java.sql.SQLException: Error executing query
        at
com.facebook.presto.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:274)
        at com.facebook.presto.jdbc.PrestoStatement.execute(PrestoStatement.java:227)
        at
com.facebook.presto.jdbc.PrestoStatement.executeQuery(PrestoStatement.java:76)
        at
PrestoJDBCExample.main(PrestoJDBCExample.java:65)
Caused by: java.io.UncheckedIOException:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
com.facebook.presto.jdbc.internal.client.JsonResponse.execute(JsonResponse.java:154)
        at
com.facebook.presto.jdbc.internal.client.StatementClientV1.<init>(StatementClientV1.java:129)
        at
com.facebook.presto.jdbc.internal.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24)
        at
com.facebook.presto.jdbc.QueryExecutor.startQuery(QueryExecutor.java:46)
        at
com.facebook.presto.jdbc.PrestoConnection.startQuery(PrestoConnection.java:683)
        at
com.facebook.presto.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:239)
        ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at
sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:318)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:282)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.RealConnection.connect(RealConnection.java:167)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at
com.facebook.presto.jdbc.internal.client.SpnegoHandler.intercept(SpnegoHandler.java:109)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at
com.facebook.presto.jdbc.internal.client.OkHttpUtil.lambda$userAgent$0(OkHttpUtil.java:77)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at
com.facebook.presto.jdbc.internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at
com.facebook.presto.jdbc.internal.okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
        at
com.facebook.presto.jdbc.internal.okhttp3.RealCall.execute(RealCall.java:77)
        at
com.facebook.presto.jdbc.internal.client.JsonResponse.execute(JsonResponse.java:131)
        ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
        at
sun.security.validator.Validator.validate(Validator.java:260)
        at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 41 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
        ... 47 more

解决办法

服务端的证书没有被认证,导致连接失败,原因是本地cacerts并没有被认证。

可以用集群内节点上java jdk目录下的cacerts替换当前节点java jdk目录下的cacerts来解决。

flutter运行报错Exception in thread “main“ javax.net.ssl.SSLHandshakeException: sun.security.validator.Va
guiplan
02-14 366
C:\Users\用户名\.gradle\wrapper\dists\gradle-6.7-all\随机码。网上找了很多文章有配置maven的,有设置代理地址的。我这边找出来的问题是,gradle这块下载失败导致。这样启动的时候就不会再去下载这个gradle了。将下载好的gradle粘贴进来,注意不要解压。3.在当前目录下输入以下命令安装一下。自带浏览器下载太慢了。1.在以下目录找到这个配置文件。2.找到gradle的目录文件。然后用迅雷将其下载下来。下面教大家手动下载。
javax.net.ssl.SSLHandshakeException
03-19
NULL 博文链接:https://xusaomaiss.iteye.com/blog/723167
PKIX path building failed 的问题
iteye_18106的博客
11-03 1329
在执行webservice的过程中,出现如下异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: un...
【报错解决】Java 连接https报错「javax.net.ssl.SSLHandshakeException」怎么破?看这篇!
最新发布
cuiwin的专栏
06-13 2535
Java 应用程序连接 HTTPS 服务时出现如下报错:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
证书异常导致:javax.net.ssl.SSLHandshakeException: sun.security.validator
热门推荐
Aikes Blog
10-08 1万+
程序访问Https地址时报错处理
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation
北回归线的博客
02-18 1457
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building
Jamie__Zhang的博客
04-06 3712
使用 httpClient 发送请求出现以下错误 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 看
https服务器证书异常javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX
a10066的博客
11-12 3151
这个错误信息通常是由于 Java 客户端在建立 SSL 连接时无法验证服务器的 SSL 证书,导致握手失败。具体来说,它是因为找不到有效的证书链路径。
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building f
qq_36666181的博客
03-11 1213
先看错误提示: 2019-03-11 11:40:34.922 ERROR 31168 --- [nio-8084-exec-2] c.m.o.jasig.cas.client.util.CommonUtils : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provid...
BUG处理:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buil
狐狸是一只狐狸
12-08 1911
分享目的: 如果别人已经讲述了,这里只会给出相关链接 只补充解决思路。 每个人在寻找解决答案过程中,遇到的痛点难点都是不同的。 这里仅阐述我实际项目遇到问题的解决方案。 BUG描述: tomcat配置如下: <Connector port="8843" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme=.
Mac解决javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path build
qq_36631249的博客
07-17 1088
一、错误截图 二、解决办法 1. 下载所请求的网站证书,保存到本地。 注:Mac没有导出按钮,直接拖拽证书,进行保存。 2. 寻找项目所用Jdk在Mac中的位置,进入bin目录 注:因为我是①、②、③、④顺序执行解决问题,但是我怀疑可以直接使用第④个命令解决问题,不过因为要记录自己的实际操作,所以把①、②、③步骤也记录在文章中。 ① 执行导入证书命令 sudo ./keytool -import -file “这里写刚刚导出的cer文件的绝对位置” -keystore “这里写java的cacerts绝对
报错javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException
zhangmiaoping23的专栏
04-09 6093
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/u010248330/article/details/70161899[java] view plain copyimport java.io.File;  import java.io.FileNotFoundException;  import java.io.FileOutputStream; ...
JAVA后端线上环境调用接口出现证书不信任:PKIX path building failed
qq_25568881的博客
09-21 3115
JAVA后端线上环境调用接口出现证书不信任:PKIX path building failed 文章目录JAVA后端线上环境调用接口出现证书不信任:PKIX path building failed前言一、测试验证是否无法调通目标接口二、JDK将证书导入证书库总结 前言 目前市面上,比如阿里云购买的HTTPS证书,在浏览器中是可信任的证书,但是对于JAVA程序而言,可能会出现以下错误: javax.net.ssl.SSLHandshakeException: sun.security.validato
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin
07-27
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin是一个SSL握手异常,它通常发生在与服务器建立安全连接时。这个异常的原因是验证服务器证书时出现了问题,可能是由于证书不受信任或证书链不完整导致的。解决这个问题的方法有几种。 首先,你可以检查你的Java运行环境是否缺少根证书。如果是这样,你可以手动将缺少的根证书添加到Java的信任库中。你可以使用keytool命令来执行这个操作。 另外,你也可以尝试更新你的Java运行环境到最新版本,因为新版本的Java可能已经包含了最新的根证书。 此外,你还可以尝试禁用证书验证,但这并不是一个推荐的解决方法,因为它会降低连接的安全性。 最后,如果你是在使用第三方库或框架,你可以查看它们的文档或社区,看看是否有关于解决这个问题的特定指导。 总之,解决javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin异常的方法包括添加缺少的根证书、更新Java运行环境、禁用证书验证等。希望这些方法能帮助你解决这个问题。\[1\]\[2\]\[3\] #### 引用[.reference_title] - *1* [javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExcepti](https://blog.csdn.net/figosoar/article/details/115211179)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^control_2,239^v3^insert_chatgpt"}} ] [.reference_item] - *2* [javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path buildin](https://blog.csdn.net/chaishen10000/article/details/82992291)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^control_2,239^v3^insert_chatgpt"}} ] [.reference_item] - *3* [解决 :javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path ...](https://blog.csdn.net/qq_54642035/article/details/126408253)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^control_2,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值