开放自由SSLHandshakeException为官方码头形象microProfile3java11
开放自由SSLHandshakeException为官方码头形象microProfile3java11
提问于 2019-08-08 06:29:53
我试图使用一个简单的JAX客户机来访问像https://reqres.in/api/users或https://jsonplaceholder.typicode.com/todos这样的虚拟REST,比如:
public class RandomDataProvider {
private WebTarget webTarget;
@PostConstruct
public void setUp() {
Client client = ClientBuilder.newBuilder()
.connectTimeout(5, TimeUnit.SECONDS)
.readTimeout(5, TimeUnit.SECONDS)
.build();
this.webTarget = client
.target("https://reqres.in/api/users");
}
public JsonArray getAllPosts() {
return this.webTarget
.request()
.accept(MediaType.APPLICATION_JSON)
.get(JsonArray.class);
}
}但是每次我尝试使用HTTPS时,我都会得到服务器所在的SSLHandshakeExeption:无法找到被请求目标的有效认证路径。
[ERROR ] SRVE0283E: Exception caught while initializing context: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://reqres.in/api/users: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:640)
at [internal classes]
at de.rieckpil.udemy.RandomDataProvider.getAllPosts(RandomDataProvider.java:32)
at de.rieckpil.udemy.RandomDataPrinter.initialize(RandomDataPrinter.java:17)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95)
at [internal classes]
Caused by (repeated) ... : javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://reqres.in/api/users: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1451)
... 9 more
Caused by: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:806)
... 9 moreDockerfile如下所示:
FROM open-liberty:microProfile3-java11
COPY --chown=1001:0 target/mywar.war /config/dropins/我假设这个正式的Docker映像使用的是JDK受信任的证书,还是必须在自己的server.xml中显式地配置它?
回答 2
Stack Overflow用户
回答已采纳
发布于 2021-06-02 22:06:11
这实际上已经变得更容易配置自上一篇文章。ssl元素上有一个属性,它将告诉SSL上下文除了使用配置信任存储之外,还要使用JVM的默认信任库。
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustDefaultCerts="true" /> Stack Overflow用户
发布于 2019-08-12 14:40:16
默认情况下,does不使用JDK的受信任证书。如果要使用仙人掌文件作为信任,则必须对其进行配置。我假设您没有ssl配置。要添加仙人掌文件,可以添加如下配置:
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="caTrustStore" />
<keyStore id="caTrustStore" location=“enter path to cacerts file" type="JKS" password="changeit" />页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/57406422
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号