Because the company’s project needs, it needs to connect with Amazon IOT and send messages to Amazon IOT. It uses Amazon’s SDK. Everything seems normal. However, the test service reports an error and the local environment is normal.
Local JDK configuration:
java version "11.0.11" 2021-04-20 LTS Java(TM) SE Runtime Environment 18.9 (build 11.0.11+9-LTS-194) Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.11+9-LTS-194, mixed mode)
JDK configuration of test service:
openjdk version "11.0.12" 2021-07-20 LTS OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS) OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)
Is there a big difference?There is no big difference. Oracle jdk11 is used locally. The server uses openjdk11 because it knows why. That’s all, but the program will always report an error:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
solve the problem
First changed a configuration
Find a link, which is a link on the official website of Oracle. The description of Oracle certificate roughly means that Oracle JDK will no longer trust the TLS certificate issued by Symantec, which is consistent with the similar plans recently announced by Google, Mozilla, apple and Microsoft. If necessary, you can bypass these restrictions by commenting out or deleting “symantec_tls” in the jdk.security.cadisttrustpolicies security attribute of the java.security configuration file.
The above configuration is in Java_ The file home/conf/security/java.security is opened in the form of text. It is around line 1187. There is such a sentence JDK. Security. Cadistrustpolicies = Symantec_ TLS needs to be commented out and changed to the following:
Then, then the server still can’t, Gan!
In the middle, I made a lot of attempts, but I didn’t describe it in detail. Finally, I was surprised and did a magical operation!
Then replaced a file
In Java_ Home/lib/security/cacerts file. This file is mainly a warehouse used by JDK to store certificates, including self trusted certificates and some certificates imported by keytool. Then I used Oracle cacerts certificate to replace the file with the same name under the same path of openjdk on the server. OK, done!
Through the keytool – List – keystore cacerts command to view the two files, it is found that the date of the oreclejdk is irregular and the date is relatively long, while the date of the openjdk is 2021. I don’t know if it has anything to do with this problem. If I encounter it at present, I’ll remember it first and make a note.
- keytool error: java.lang.Exception: Failed to establish chain from reply
- Certificate chaining error in sphere
- AES CBC PKCs × 7 encryption
- Keytool error: java.io.FileNotFoundException : MyAndroidKey.keystore (access denied)
- Was import certificate — error prompt: java.security.cert .CertPathValidatorException: Certificate chaining error
- Java was started but returned exit code = 13
- cURL error 60: SSL certificate problem: self signed certificate in certificate chain
- Error:Failed to create provisioning profile. – iOS
- Install Java runtime JRE in Ubuntu 16.04
- cas report error (No subject,’principal’ cannot be null, PKIX path validation failed, etc.)
- Idea stuck and error reported: UI was frozen for xxxxx MS problem solving
- To the brothers who encountered simple bind failed 192.168.1.×××: 636
- error:could not open…jvm.cfg solution
- Oracle login error: Oracle error 6 initializing SQL * plus (normal before)
- Python uses requests to request and reports SSL: CERTIFICATE_VERIFY_FAILED error
- Abnormal report error javax.net.ssl .SSLHandshakeException: server certificate change is restrictedduring renegotiation
- Error: could not find java.dll Error: could not find Java se runtime environment solution
- python cx_Oracle.DatabaseError: Error while trying to retrieve text for error ORA-01804
- Android 8.1 compilation error Jack server problem
- mysql configuration supports SSL connection