2015-11-09 61 views
0

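Fiddler java https - "unable to find valid certification path to requested target"

I followed the instructions to set up HTTPS traffic decryption in Fiddler for a Java client program, but I still get this error in IntelliJ: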

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913) 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:849) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) 
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) 
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) 
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) 
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) 
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) 
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) 
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) 
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) 
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) 
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) 
    at Program.main(Program.java:41) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:606) 
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144) 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230) 
    at sun.security.validator.Validator.validate(Validator.java:260) 
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428) 
    ... 25 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) 
    ... 31 more 

I also tried setting the properties in the program itself:

System.setProperty("http.proxyHost", "127.0.0.1"); 
System.setProperty("https.proxyHost", "127.0.0.1"); 
System.setProperty("http.proxyPort", "8888"); 
System.setProperty("https.proxyPort", "8888"); 
System.setProperty("javax.net.ssl.trustStore", "c:\\Users\\tcb\\IdeaProjects\\FiddlerKeystore"); 
System.setProperty("javax.net.ssl.trustStorePassword", "SomePassword"); 

Still the same error (this was instead of using the VM options). Finally, I tried importing FiddlerRoot.cer into the JRE's cacerts store:

C:\windows\system32>"c:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe" -import -trustcacerts -alias Fiddler -file c:\users\tcb\Desktop\FiddlerRoot.cer -keystore "c:\Program Files\Java\jre7\lib\security\cacerts" 

But I still get the "unable to find valid certification path to requested target" error.

What could be causing this error?

Answers

0

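Which certificate generator are you using: makecert or certenroll? (See http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/)

The reason I ask is that certificates generated by makecert do not contain the AKI extension, and the certificate chain may not build correctly without it. Certificates generated by certenroll or the bouncycastle certmaker addon can remedy this problem; both add the AKI extension to the generated certificates.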
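
As an added diagnostic example (not part of the original question or answer), the following Java program reports which trust store the running JVM uses, whether a given certificate file such as FiddlerRoot.cer is present in it, and whether that certificate carries the SKI and AKI extensions. The class name `TrustCheck` and the argument layout are assumptions; `changeit` is the default cacerts password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic example; class name and argument layout are assumptions.
public class TrustCheck {
    // Extension OIDs from RFC 5280.
    static final String SKI_OID = "2.5.29.14"; // Subject Key Identifier
    static final String AKI_OID = "2.5.29.35"; // Authority Key Identifier

    static X509Certificate loadCert(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TrustCheck <cert.cer> [truststore] [password]");
            System.exit(2);
        }
        // Default trust store of the JVM that is actually running this code.
        String defaultStore = System.getProperty("java.home") + "/lib/security/cacerts";
        String storePath = args.length > 1 ? args[1]
                : System.getProperty("javax.net.ssl.trustStore", defaultStore);
        char[] password = (args.length > 2 ? args[2] : "changeit").toCharArray();

        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + storePath);

        X509Certificate cert = loadCert(args[0]);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, password);
        }
        // getCertificateAlias returns null when no entry matches the certificate.
        String alias = ks.getCertificateAlias(cert);
        System.out.println("subject     = " + cert.getSubjectX500Principal());
        System.out.println("in store as = " + (alias == null ? "(not present)" : alias));
        System.out.println("has SKI     = " + (cert.getExtensionValue(SKI_OID) != null));
        System.out.println("has AKI     = " + (cert.getExtensionValue(AKI_OID) != null));
    }
}
```

Run it with the same JDK and VM options as the failing client, so that `java.home` and `javax.net.ssl.trustStore` reflect what that client actually sees.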
