javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚

概述我正在使用Retrofit来访问我的RESTAPI.但是,当我把我的API放在ssl后面并通过http：//myhost/myapi访问它时,我收到此错误：我的API落后于SSL,我是否需要做一些额外的事情？这是我如何连接：privatefinalStringAPI="https://myhost/myapi";privatefinalRestAdapterREST_AD

我正在使用Retrofit来访问我的REST API.但是,当我把我的API放在ssl后面并通过http：// myhost / myAPI访问它时,我收到此错误：

我的API落后于SSL,我是否需要做一些额外的事情？

这是我如何连接：

private final String API = "https://myhost/myAPI";private final RestAdapter REST_ADAPTER = new RestAdapter.Builder()        .setServer(API)        .setLogLevel(RestAdapter.LogLevel.FulL)        .build();01-10 09:49:55.621    2076-2100/com.myapp.mobile D/Retrofit﹕ javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValIDatorException: Trust anchor for certification path not found.            at org.apache.harmony.xnet.provIDer.Jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:401)            at libcore.net.http.httpconnection.setupSecureSocket(httpconnection.java:209)            at libcore.net.http.httpsURLConnectionImpl$httpsEngine.makeSslConnection(httpsURLConnectionImpl.java:478)            at libcore.net.http.httpsURLConnectionImpl$httpsEngine.connect(httpsURLConnectionImpl.java:433)            at libcore.net.http.httpEngine.sendSocketRequest(httpEngine.java:290)            at libcore.net.http.httpEngine.sendRequest(httpEngine.java:240)            at libcore.net.http.httpURLConnectionImpl.getResponse(httpURLConnectionImpl.java:282)            at libcore.net.http.httpURLConnectionImpl.getResponseCode(httpURLConnectionImpl.java:497)            at libcore.net.http.httpsURLConnectionImpl.getResponseCode(httpsURLConnectionImpl.java:134)            at retrofit.clIEnt.UrlConnectionClIEnt.readResponse(UrlConnectionClIEnt.java:90)            at retrofit.clIEnt.UrlConnectionClIEnt.execute(UrlConnectionClIEnt.java:48)            at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:287)            at retrofit.RestAdapter$RestHandler.invoke(RestAdapter.java:222)            at $Proxy12.signin(Native Method)            at com.myapp.loginactivity.doInBackground(LoginActivity.java:143)            at com.myapp.loginactivity.doInBackground(LoginActivity.java:136)            at androID.os.AsyncTask.call(AsyncTask.java:287)            at java.util.concurrent.FutureTask.run(FutureTask.java:234)            at androID.os.AsyncTask$SerialExecutor.run(AsyncTask.java:230)            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)            at java.lang.Thread.run(Thread.java:841)     Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValIDatorException: Trust anchor for certification path not found.            at org.apache.harmony.xnet.provIDer.Jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:282)            at org.apache.harmony.xnet.provIDer.Jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202)            at org.apache.harmony.xnet.provIDer.Jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:595)            at org.apache.harmony.xnet.provIDer.Jsse.NativeCrypto.SSL_do_handshake(Native Method)            at org.apache.harmony.xnet.provIDer.Jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:398)            at libcore.net.http.httpconnection.setupSecureSocket(httpconnection.java:209)            at libcore.net.http.httpsURLConnectionImpl$httpsEngine.makeSslConnection(httpsURLConnectionImpl.java:478)            at libcore.net.http.httpsURLConnectionImpl$httpsEngine.connect(httpsURLConnectionImpl.java:433)            at libcore.net.http.httpEngine.sendSocketRequest(httpEngine.java:290)            at libcore.net.http.httpEngine.sendRequest(httpEngine.java:240)            at libcore.net.http.httpURLConnectionImpl.getResponse(httpURLConnectionImpl.java:282)            at libcore.net.http.httpURLConnectionImpl.getResponseCode(httpURLConnectionImpl.java:497)            at libcore.net.http.httpsURLConnectionImpl.getResponseCode(httpsURLConnectionImpl.java:134)            at retrofit.clIEnt.UrlConnectionClIEnt.readResponse(UrlConnectionClIEnt.java:90)            at retrofit.clIEnt.UrlConnectionClIEnt.execute(UrlConnectionClIEnt.java:48)            at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:287)            at retrofit.RestAdapter$RestHandler.invoke(RestAdapter.java:222)            at $Proxy12.signin(Native Method)            at com.myapp.LoginActivity.doInBackground(LoginActivity.java:143)            at com.myapp.LoginActivity.doInBackground(LoginActivity.java:136)            at androID.os.AsyncTask.call(AsyncTask.java:287)            at java.util.concurrent.FutureTask.run(FutureTask.java:234)            at androID.os.AsyncTask$SerialExecutor.run(AsyncTask.java:230)            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)            at java.lang.Thread.run(Thread.java:841)

解决方法:

发生这种情况的原因是JVM / Dalvik对系统或用户证书存储中的CA证书没有信心.

要使用Retrofit修复此问题,如果使用okhttp,则使用其他客户端非常相似.
你要这样做：

一种).创建包含CA的公钥的证书库.为此,您需要为* nix启动下一个脚本.
你需要在你的机器上安装openssl,并从https://www.bouncycastle.org/下载jar bcprov-jdk16-1.46.jar.不下载此版本
另外,1.5x版本与androID 4.0.4不兼容.

#!/bin/bashif [ -z  ]; then  echo "Usage: cert2AndroID<CA cert PEM file>"  exit 1fiCACERT=BCJAR=bcprov-jdk16-1.46.jarTRUSTSTORE=mytruststore.bksAliAS=`openssl x509 -inform PEM -subject_hash -noout -in $CACERT`if [ -f $TRUSTSTORE ]; then    rm $TRUSTSTORE || exit 1fiecho "Adding certificate to $TRUSTSTORE..."keytool -import -v -trustcacerts -alias $AliAS \      -file $CACERT \      -keystore $TRUSTSTORE -storetype BKS \      -provIDerclass org.bouncycastle.jce.provIDer.BouncyCastleProvIDer \      -provIDerpath $BCJAR \      -storepass secretecho "" echo "Added '$CACERT' with alias '$AliAS' to $TRUSTSTORE..."

B).将文件truststore mytruststore.bks复制到项目的res / raw中

C).设置连接的SSLContext：

.............okhttpClIEnt = new OkhttpClIEnt();try {    KeyStore ksTrust = KeyStore.getInstance("BKS");    inputStream instream = context.getResources().openRawResource(R.raw.mytruststore);    ksTrust.load(instream, "secret".tochararray());    // TrustManager decIDes which certificate authoritIEs to use.    TrustManagerFactory tmf = TrustManagerFactory        .getInstance(TrustManagerFactory.getDefaultAlgorithm());    tmf.init(ksTrust);    SSLContext sslContext = SSLContext.getInstance("TLS");    sslContext.init(null, tmf.getTrustManagers(), null);    okhttpClIEnt.setSslSocketFactory(sslContext.getSocketFactory());} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | KeyManagementException e) {    e.printstacktrace();}.................

总结

以上是内存溢出为你收集整理的javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚全部内容，希望文章能够帮你解决javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。