我试图在java中使用HttpURLConnection发出HTTP GET请求.
当我使用浏览器时,它说我不信任证书你想继续吗？
我接受证书和GET请求获取数据.但我在java中获得证书异常(如下所示)

我从这个例外中理解的是,我需要下载该证书并将其放入
java系统属性berfore发出GET请求.

我的问题是.

>如何从浏览器下载此证书？
>我可以在我的java程序中使用浏览器的证书存储库,使用它需要知道什么？
>如果我想在我的密钥库中安装证书,那么我需要做什么？

非常感谢 ：)

我正在尝试使用keytool命令下载证书.我不知道证书存储在服务器中的哪个位置,但我给出了我在浏览器中使用的服务器的路径,浏览器说证书不受信任.

URL gatewayServiceUrl = new URL("http://192.168.55.179:56400/nwa");
        HttpURLConnection connection = (HttpURLConnection) gatewayServiceUrl.openConnection();
        connection.setRequestMethod("GET");
        connection.setRequestProperty("Authorization", getExample.getBasicAuth());
        connection.connect();
        if (HttpURLConnection.HTTP_OK == connection.getResponseCode()) {
            System.out.println("success");
            System.out.println(getExample.getDataFromStream(connection.getInputStream()));
        } else {
            System.out.println("success");
            System.out.println(getExample.getDataFromStream(connection.getErrorStream()));
        }
        System.out.println(connection.getResponseCode());






Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at com.testweb.GetExample.main(GetExample.java:18)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)

解决方法:

您必须将服务器证书的颁发者CA(或直接服务器证书,例如您的cds是自签名的)添加到信任库,以避免PKIX路径构建器异常.

默认情况下,java truststore位于JAVA_HOME / jre / lib / security / cacerts上(您可以使用javax.net.ssl.trustStore属性指定另一个信任库).

为此,请先下载服务器证书.您可以下载服务器证书,例如Chrome连接到服务器URL并单击绿色锁,然后选择选项卡连接并单击证书信息：

然后将此证书保存在光盘上.

现在你必须将这个证书添加到java信任库,你可以使用java keytool(如果在你的路径中使用keytool,如果keytool不在JAVA_HOME / bin / keytool上)：

keytool -import -trustcacerts -alias myServerCertificate -file path/myServerCert.crt -keystore JAVA_HOME/jre/lib/security/cacerts

cacerts的默认密码是：changeit

希望这可以帮助,