收藏
回答

上传临时素材失败,是要证书么?unable to find valid certification

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

回答关注问题邀请回答
收藏

1 个回答

  • 北望沣渭
    北望沣渭
    10-16

    应该是你的jvm运行时证书偏旧所致, https://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find 上有个shell,可以用来更新证书,摘录如下 java-cert-importer.sh

    #!/usr/bin/env bash
    
    # Exit on error
    set -e
    
    # Ensure script is running as root
    if [ "$EUID" -ne 0 ]
      then echo "WARN: Please run as root (sudo)"
      exit 1
    fi
    
    # Check required commands
    command -v openssl >/dev/null 2>&1 || { echo "Required command 'openssl' not installed. Aborting." >&2; exit 1; }
    command -v keytool >/dev/null 2>&1 || { echo "Required command 'keytool' not installed. Aborting." >&2; exit 1; }
    
    # Get command line args
    host=$1; port=${2:-443}; deleteCmd=${3:-${2}}
    
    # Check host argument
    if [ ! ${host} ]; then
    cat << EOF
    Please enter required parameter(s)
    
    usage:  ./java-cert-importer.sh <host> [ <port> | default=443 ] [ -d | --delete ]
    
    EOF
    exit 1
    fi;
    
    if [ "$JAVA_HOME" ]; then
        javahome=${JAVA_HOME}
    elif [[ "$OSTYPE" == "linux-gnu" ]]; then # Linux
        javahome=$(readlink -f $(which java) | sed "s:bin/java::")
    elif [[ "$OSTYPE" == "darwin"* ]]; then # Mac OS X
        javahome="$(/usr/libexec/java_home)/jre"
    fi
    
    if [ ! "$javahome" ]; then
        echo "WARN: Java home cannot be found."
        exit 1
    elif [ ! -d "$javahome" ]; then
        echo "WARN: Detected Java home does not exists: $javahome"
        exit 1
    fi
    
    echo "Detected Java Home: $javahome"
    
    # Set cacerts file path
    cacertspath=${javahome}/lib/security/cacerts
    cacertsbackup="${cacertspath}.$$.backup"
    
    if ( [ "$deleteCmd" == "-d" ] || [ "$deleteCmd" == "--delete" ] ); then
        sudo keytool -delete -alias ${host} -keystore ${cacertspath} -storepass changeit
        echo "Certificate is deleted for ${host}"
        exit 0
    fi
    
    # Get host info from user
    #read -p "Enter server host (E.g. example.com) : " host
    #read -p "Enter server port (Default 443) : " port
    
    # create temp file
    tmpfile="/tmp/${host}.$$.crt"
    
    # Create java cacerts backup file
    cp ${cacertspath} ${cacertsbackup}
    
    echo "Java CaCerts Backup: ${cacertsbackup}"
    
    # Get certificate from speficied host
    openssl x509 -in <(openssl s_client -connect ${host}:${port} -prexit 2>/dev/null) -out ${tmpfile}
    
    # Import certificate into java cacerts file
    sudo keytool -importcert -file ${tmpfile} -alias ${host} -keystore ${cacertspath} -storepass changeit
    
    # Remove temp certificate file
    rm ${tmpfile}
    
    # Check certificate alias name (same with host) that imported successfully
    result=$(keytool -list -v -keystore ${cacertspath} -storepass changeit | grep "Alias name: ${host}")
    
    # Show results to user
    if [ "$result" ]; then
        echo "Success: Certificate is imported to java cacerts for ${host}";
    else
        echo "Error: Something went wrong";
    fi;
    
    10-16
    有用
    回复 2
    • Answer
      Answer
      10-16
      但是调客服消息接口是没有问题的呢?
      10-16
      回复
    • 北望沣渭
      北望沣渭
      10-16回复Answer
      上传文件走的HTTP协议是multipart/form-data;客服消息接口的协议是application/x-www-form-urlencoded,jvm运行时对这两种协议的证书要求可能不一致,建议更新一下证书试试看。
      10-16
      回复
登录 后发表内容
问题标签