SSLHandshakeException使用一台计算机，在另一个作品

Question

我想访问这个https://www.cityofathens.gr/khe/epixeiriseis/json?shop_id=49087页面使用java客户端来读取一些json数据。奇怪的是，当我在我的电脑上运行它，它工作得很好，但是当我运行jar到VM它给我这个错误

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

我用这

String url="https://www.cityofathens.gr/khe/epixeiriseis/json?shop_id=49087"; 
BufferedReader in = new BufferedReader(new InputStreamReader(new URL(url).openStream())); 
String result=IOUtils.toString(in); 
System.out.println(result); 

后一些挖掘我试图使用HttpsURLConnection

String url="https://www.cityofathens.gr/khe/epixeiriseis/json?shop_id=49087"; 
URL myurl = new URL(url); 
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection(); 
InputStream ins = con.getInputStream(); 
InputStreamReader isr = new InputStreamReader(ins); 
BufferedReader in = new BufferedReader(isr); 

但错误保持不变！

有帮助吗？ 谢谢

Answer 1

您的其他Java虚拟机缺少root ca（DST根CA X3）。更新VM上的JRE/JDK to 7u111/8u101或手动将证书添加到密钥存储区。

下载证书：

wget https://letsencrypt.org/certs/letsencryptauthorityx1.der 
wget https://letsencrypt.org/certs/letsencryptauthorityx2.der 
wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der 
wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der 
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der 
wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der 

将它们添加到密钥库（位置可能不同系统上）：

sudo keytool -trustcacerts -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -file letsencryptauthorityx1.der 
# repeat for the rest of *.der files 

您将需要重新启动Java进程要使用新的证书。

跳过证书验证

你也可以忽略证书问题（不推荐）：选中此answer代码：