JWorld@TW the best professional Java site in Taiwan
      註冊 | 登入 | 全文檢索 | 排行榜  

» JWorld@TW » EJB / 其它Java EE 討論區 » JavaMail  

按列印兼容模式列印這個話題 列印話題    把這個話題寄給朋友 寄給朋友   
reply to postflat modego to previous topicgo to next topic
己加入精華區
by koji at 2010-02-03 18:53
本主題所含的標籤
作者 JavaMail 與 PKIX path building failed 例外問題 [精華]
qrtt1





發文: 1748
積分: 31
於 2009-09-14 18:30 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
今天在寫 Java Mail 使用 smpts 連線時發生下列例外:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Exception in thread "main" org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Exception reading response;
  nested exception is:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:419)
  at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:342)
  at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:357)
  at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:346)
  at npui.server.persistence.Test.main(Test.java:45)
Caused by: javax.mail.MessagingException: Exception reading response;
  nested exception is:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1764)
  at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1523)
  at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:453)
  at javax.mail.Service.connect(Service.java:291)
  at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:389)
  ... 4 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
  at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
  at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:106)
  at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
  at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
  at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:84)
  at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1742)
  ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
  at sun.security.validator.Validator.validate(Validator.java:218)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
  ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
  ... 26 more


順著例外的提示去找解決方法時,看到原來它已經被列在 Java Mail FAQ 內:
When connecting to my mail server over SSL I get an exception like "unable to find valid certification path to requested target"
http://java.sun.com/products/javamail/FAQ.html#installcert
1
2
3
4
5
6
7
Q: When connecting to my mail server over SSL 
I get an exception like "unable to find valid certification path to requested target".
 
A: Your server is probably using a test certificate 
or self-signed certificate instead of a certificate signed by a commercial Certificate Authority. 
You'll need to install the server's certificate into your trust store. 
The InstallCert program will help


Java Mail FAQ 說,對方的 Server 並沒有使用一個商業的 CA,它可能是自己建立的、或測試用的 CA,我們必需要自己安裝它。
它也提供一個安裝 CA 的網址:

Java and security bits
http://blogs.sun.com/andreas/entry/no_more_unable_to_find

在這個網址上有附一個程式:
http://blogs.sun.com/andreas/resource/InstallCert.java

利用它我們可以抓到該網站的 CA 資訊:
1
java InstallCert smtps.example.com


需要注意的是,它預設會連上 443 port,不過 smtps 是使用 465。
所以,您可以在目標伺服務加上 port:
1
java InstallCert smtps.example.com:465


依著程式的提示,你完成下載 CA 的動作後,會在執行目錄發現多出一個 jssecacerts 檔。
您必需在使用 javamail 連線至 server 前設定它,我們將它放在 Classpath . 的位置:

1
2
3
System.setProperty("javax.net.ssl.trustStore", "jssecacerts");
 
// 其它 stmps 程式


透過設定正確的 javax.net.ssl.trustStore 程式就能正常運作。


reply to postreply to post
蝸牛角上爭何事?石火光中寄此身,隨富隨貧且歡樂,不開口笑是癡人。
my notes
話題樹型展開
人氣 標題 作者 字數 發文時間
10219 [精華] JavaMail 與 PKIX path building failed 例外問題 qrtt1 5838 2009-09-14 18:30
8942 Re:JavaMail 與 PKIX path building failed 例外問題 qrtt1 8929 2010-02-03 18:12
2651 Re:JavaMail 與 PKIX path building failed 例外問題 qrtt1 8062 2016-01-01 06:55
» JWorld@TW »  EJB / 其它Java EE 討論區 » JavaMail

reply to postflat modego to previous topicgo to next topic
  已讀文章
  新的文章
  被刪除的文章
Jump to the top of page

JWorld@TW 本站商標資訊

Powered by Powerful JuteForum® Version Jute 1.5.8