
SAMPLE javaclient works, but from JAVA-APPLICATION it says unable to find valid certification path to requested target

The sample javaclient below works: it connects to the server and gets the output [Response Code: 200]

import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import java.io.*;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;

public class HttpsClient {

    public static void main(String[] args) {
        new HttpsClient().testIt();
    }

    private void testIt() {

        String https_url = "https://sampleserver.net:443/webapp/connect.dll?Connect&time=2208282020&serial=46010&value=758.24";

        URL url;
        try {
            url = new URL(https_url);
            HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

            // dump all cert info (this triggers the TLS handshake)
            print_https_cert(con);

            // dump all the content
            print_content(con);

        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private void print_https_cert(HttpsURLConnection con) {
        if (con != null) {
            try {
                System.out.println("Response Code : " + con.getResponseCode());
                System.out.println("Cipher Suite : " + con.getCipherSuite());
                System.out.println("\n");

                // chain as sent by the server, leaf certificate first
                Certificate[] certs = con.getServerCertificates();
                for (Certificate cert : certs) {
                    System.out.println("Cert Type : " + cert.getType());
                    System.out.println("Cert Hash Code : " + cert.hashCode());
                    System.out.println("Cert Public Key Algorithm : "
                            + cert.getPublicKey().getAlgorithm());
                    System.out.println("Cert Public Key Format : "
                            + cert.getPublicKey().getFormat());
                    System.out.println("\n");
                }
            } catch (SSLPeerUnverifiedException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    private void print_content(HttpsURLConnection con) {
        if (con != null) {
            try {
                System.out.println("****** Content of the URL ********");
                BufferedReader br =
                        new BufferedReader(
                                new InputStreamReader(con.getInputStream()));

                String input;
                while ((input = br.readLine()) != null) {
                    System.out.println(input);
                }
                br.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

Output

Response Code : 200
Cipher Suite : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA


Cert Type : X.509
Cert Hash Code : 31005469
Cert Public Key Algorithm : RSA
Cert Public Key Format : X.509


Cert Type : X.509
Cert Hash Code : 16813553
Cert Public Key Algorithm : RSA
Cert Public Key Format : X.509


Cert Type : X.509
Cert Hash Code : 5605913
Cert Public Key Algorithm : RSA
Cert Public Key Format : X.509

Executed from both jdk7 and jdk8 by changing the path. [Response Code: 200]

export JAVA_HOME=/usr/java/jdk1.7.0_60
export PATH=/usr/java/jdk1.7.0_60/bin:$PATH
/usr/java/jdk1.7.0_60/bin/javac HttpsClient.java
/usr/java/jdk1.7.0_60/bin/java -classpath . -Djavax.net.ssl.trustStore=/usr/java/jdk1.7.0_60/jre/lib/security/cacerts HttpsClient > output.txt

When called from the java-application, which uses the above jdk7 as its runtime folder:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getResponseCode(HttpsURLConnectionOldImpl.java:308)
    at com.ph.linkshared.port.socket.base.client.HttpGetThread.runThread(HttpGetThread.java:144)
    at com.ph.linkshared.port.socket.base.client.HttpGetThread.run(HttpGetThread.java:77)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 20 more
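  1. Any idea why it fails from the application with a certificate issue?
  2. With -Djavax.net.debug=all / -Djavax.net.debug=ssl:handshake:data / -Djavax.net.debug=SSL,handshake,data,trustmanager the JavaClient shows response code "200".
  3. Added the root and intermediate certificates to the JDK via keytool.
  4. Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, is it supported by both jdk7 and jdk8?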

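Solution

Any idea why it fails from the application with a certificate issue?

Either the application is using a truststore other than the default (or is started with, or modified to use, a different truststore), or the application is getting a different certificate from the server than you expect, perhaps by connecting to a different host than you expect, perhaps through some type of proxy, or by changing connection parameters that cause the (same) server to respond differently, such as disabling SNI where it is otherwise used, or restricting or reordering ciphersuites to get a different key exchange.

Try running the app (i.e. the failing case) with javax.net.debug=ssl[:trustmanager:handshake] (these detail categories are enabled by default, so they are not needed for 7 and 8, except possibly the recent 8u261, one of the paid 7 updates, and 9 and 10, but they do need to be specified for 11 up and 8u261). Look at the certificates loaded by the trustmanager to see if they include the one(s) you need, and look at the certificate chain received from the server to see whether it is what you expected or different, especially if it doesn't match what was loaded into the trustmanager.

PS: Printing cert.getType() is useless; JSSE supports X.509 certificates in TLS. (Technically there are RFCs for other certificates, but they are almost never implemented or used.) Printing cert.hashCode() gives an internal object identifier that is not useful for anything except determining whether two objects are the same object, which will never be the case for certificates received from a server. Printing cert.getPublicKey().getFormat() is completely useless, because the format of all JCE public keys is X.509; see the javadoc for java.security.Key.getFormat(). Also, the algorithm of the leaf certificate is determined by the ciphersuite; the algorithm(s) used for CA certificates can in principle be different but rarely are, and in any case that is not relevant to your problem.

What might help is ((X509Certificate)cert).getSubjectX500Principal(), .getIssuerX500Principal(), and the validity (.getNotBefore(), .getNotAfter()), and .getBasicConstraints() and {{ 1}}. But the debug log already has the same information, in a consistent format.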
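The checks suggested in the answer (which truststore is actually loaded, and which chain the server actually sends) can also be done in code. The following is an added example, not part of the original question or answer; the class name ChainProbe is hypothetical and the default host is the one from the question's URL. It logs each received certificate and then delegates to the JVM's default trust manager, so validation is never weakened.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;

// Added diagnostic (not from the original post). Run it with the same JDK and
// -D options as the failing application to compare against the working client.
public class ChainProbe {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "sampleserver.net"; // host from the question
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        // init(null) loads this JVM's effective default truststore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager def = (X509TrustManager) tmf.getTrustManagers()[0];
        final Set<X500Principal> anchors = new HashSet<X500Principal>();
        for (X509Certificate a : def.getAcceptedIssuers()) anchors.add(a.getSubjectX500Principal());
        System.out.println("trust anchors loaded = " + anchors.size());
        X509TrustManager logging = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { def.checkClientTrusted(c, t); }
            public void checkServerTrusted(X509Certificate[] chain, String t) throws CertificateException {
                for (X509Certificate c : chain) { // chain exactly as sent by the server
                    System.out.println("subject : " + c.getSubjectX500Principal());
                    System.out.println("  issuer: " + c.getIssuerX500Principal());
                    System.out.println("  valid : " + c.getNotBefore() + " .. " + c.getNotAfter());
                    // Name match only (no signature check): a hint at which link is missing.
                    System.out.println("  basicConstraints=" + c.getBasicConstraints()
                        + " issuerNameInTrustStore=" + anchors.contains(c.getIssuerX500Principal()));
                }
                def.checkServerTrusted(chain, t); // unchanged validation: still throws if no path
            }
            public X509Certificate[] getAcceptedIssuers() { return def.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // keep hostname checking on
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("handshake OK, suite = " + s.getSession().getCipherSuite());
        } finally { s.close(); }
    }
}
```

If the last certificate printed shows issuerNameInTrustStore=false, the truststore in use lacks that issuer; compare the java.home and trustStore lines with the ones the working client prints.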
