微信支付PKIX path building failed
生活随笔
收集整理的這篇文章主要介紹了
微信支付PKIX path building failed
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
異常信息
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification p ath to requested targetat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)at com.gemantic.wealth.admin.util.WxpayUtil.refund(WxpayUtil.java:111)at com.gemantic.wealth.admin.controller.RefundsController.verifyDebt(RefundsController.java:520)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.lang.reflect.Method.invoke(Method.java:606)at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:213)at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:126)at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:96)at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:617)at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:578)at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.jasig.cas.client.util.AssertionThreadLocalFilter.doFilter(AssertionThreadLocalFilter.java:54)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:75)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:201)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at com.gemantic.wealth.admin.ArthurFilter.doFilter(ArthurFilter.java:83)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:88)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)at java.lang.Thread.run(Thread.java:745) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)at sun.security.validator.Validator.validate(Validator.java:260)at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)... 79 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)... 85 more異常原因
這是缺少安全證書時(shí)出現(xiàn)的異常
分析問題
- 本地開發(fā)并單元測試通過
- 測試環(huán)境API接口測試通過,服務(wù)器192.168.1.20
- 測試環(huán)境管理后臺(tái)的退款操作,調(diào)用接口拋出上面的異常,服務(wù)器192.168.1.23
20、23的系統(tǒng)、配置、安裝的軟件等完全一樣,出現(xiàn)這種情況的原因感覺很奇怪。唯一的區(qū)別就是23服務(wù)器上的管理后臺(tái)與CAS進(jìn)行了集成。
解決方案
- 第一步想到的是把從微信網(wǎng)站上下載的證書導(dǎo)入到j(luò)dk的cacerts中
keytool -import -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file /data/admin-web/cer/web/apiclient_cert.p12 -alias staging_wx_web
提示錯(cuò)誤:
keytool 錯(cuò)誤: java.lang.Exception: 所輸入的不是 X.509 證書
- 第二試著從chrome瀏覽器中導(dǎo)出證書的cer格式文件,另存為weixin.cer
?
?
- 將上面導(dǎo)出的證書上傳到服務(wù)器23的/home/look目錄下,然后導(dǎo)入$JAVA_HOME/jre/lib/security/cacerts中
keytool -import -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file /home/look/weixin.cer -alias staging_wx
輸入密碼,按提示輸入“是”,完成證書的導(dǎo)入。可以再次查看證書庫?keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts,此時(shí)已經(jīng)總數(shù)已經(jīng)多了一個(gè),添加成功
- 證書配置完成后,重啟一下服務(wù)。再次測試成功~
?
----------------------遇到點(diǎn)小問題----------------------
輸入密鑰口令報(bào)錯(cuò)
導(dǎo)入證書到JDK輸入密鑰庫口令這里沒有輸入生成證書時(shí)自己設(shè)置的秘鑰而是輸入changeit
或者直接:?
就是命令后面加上密碼:-storepass changeit
總結(jié)
以上是生活随笔為你收集整理的微信支付PKIX path building failed的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: TPTP(Java Profiling
- 下一篇: BPP 相关——02